Back to News
Market Impact: 0.4

CISA Warns AMI BMC Vulnerability Exploited in the Wild

FTNTHPE
Cybersecurity & Data PrivacyTechnology & InnovationRegulation & Legislation

The US cybersecurity agency CISA has warned that a critical AMI BMC vulnerability (CVE-2024-54085, CVSS 10/10), which impacts products from HPE, Asus, and Lenovo and allows attackers to gain full system control and cause damage, is now being actively exploited in the wild; federal agencies must patch by July 17. CISA also noted in-the-wild exploitation of an older FortiOS bug (CVE-2019-6693) patched over five years ago and a D-Link router flaw, underscoring persistent and diverse cybersecurity threats from both recent and legacy vulnerabilities that necessitate immediate remediation for enterprises and government entities.

Analysis

The U.S. Cybersecurity and Infrastructure Security Agency's (CISA) addition of three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog signals an immediate and heightened threat environment for specific technology vendors and their customers. The most critical issue is CVE-2024-54085, an authentication bypass flaw with a maximum severity score of 10/10 affecting baseboard management controllers (BMCs) in products from Hewlett Packard Enterprise (HPE), Asus, and Lenovo. The active exploitation of this flaw, which allows for complete system takeover and potential hardware damage, presents a significant near-term risk for HPE, reflected in its more negative sentiment score (-0.7). The mandatory July 17 patching deadline for federal agencies underscores the urgency and could drive short-term remediation spending. Concurrently, CISA's warning on Fortinet's (FTNT) CVE-2019-6693, a medium-severity bug patched over five years ago, highlights the persistent risk posed by legacy, unpatched systems. While this is a negative headline for Fortinet, the primary failure lies in end-user patch management rather than a new product defect, explaining the milder negative sentiment (-0.2). This event reinforces the long-tail nature of cyber threats and the ongoing challenge of ensuring security compliance across enterprise environments.

AllMind AI Terminal

AI-powered research, real-time alerts, and portfolio analytics for institutional investors.

Request a Demo

Market Sentiment

Overall Sentiment

moderately negative

Sentiment Score

-0.50

Ticker Sentiment

FTNT-0.20
HPE-0.70

Key Decisions for Investors

  • Investors in Hewlett Packard Enterprise (HPE) should monitor for company disclosures regarding the financial or reputational impact of the critical CVE-2024-54085 vulnerability, as its severity and direct link to HPE hardware present a tangible headline risk.
  • For Fortinet (FTNT), the exploitation of a long-patched vulnerability is less an indictment of its current technology and more a reflection of its customers' security hygiene; this may reinforce the need for its security and support services, suggesting the direct negative impact on the stock could be limited.
  • The CISA announcement serves as a broad tailwind for the cybersecurity sector, particularly for firms specializing in vulnerability management and incident response, as the federal deadline and public exploits will likely accelerate enterprise security spending.