Fortinet, Ivanti, and Nvidia on Tuesday introduced safety updates that handle over a dozen high- and medium-severity vulnerabilities throughout their product portfolios.
Ivanti resolved two high-severity inadequate filename validation points in Endpoint Supervisor (EPM) that may very well be exploited remotely, with out authentication, to execute arbitrary code. The exploitation of each defects, nonetheless, require consumer interplay.
Moreover, the corporate introduced patches for 5 high- and 6 medium-severity vulnerabilities in Join Safe, Coverage Safe, ZTA Gateways, and Neurons for Safe Entry.
Probably the most extreme of the safety holes embrace a lacking authorization situation resulting in HTML5 connection hijacking, a CSRF bug resulting in the unauthenticated execution of delicate actions, and lacking authorization flaws that permit attackers to configure authentication-related settings.
Patches had been included in EPM variations 2024 SU3 SR 1 and 2022 SU8 SR 2, Join Safe variations 22.7R2.9 and 22.8R2, Coverage Safe model 22.7R1.5, ZTA Gateways model 22.8R2.3-723, and Neurons for Safe Entry model 22.8R1.4.
“We have now no proof of any of those vulnerabilities being exploited within the wild,” Ivanti notes in its safety replace announcement.
Fortinet launched fixes for a medium-severity OS command injection bug in FortiDDoS that would result in code execution, and for a medium-severity path traversal flaw in FortiWeb resulting in arbitrary file learn.
Nvidia rolled out fixes for one high- and two medium-severity defects within the NVDebug device that would permit attackers to entry privileged accounts, write information to restricted parts, or run code as non-privileged customers.Commercial. Scroll to proceed studying.
The problems may very well be exploited for code execution, privilege escalation, denial-of-service (DoS), data disclosure, or knowledge tampering, and had been resolved in NVDebug device model 1.7.0.
Neither Fortinet nor Nvidia make any point out of those vulnerabilities being exploited within the wild, however customers are suggested to replace their purposes as quickly as potential.
Associated: SAP Patches Important NetWeaver Vulnerabilities
Associated: ICS Patch Tuesday: Rockwell Automation Leads With 8 Safety Advisories
Associated: Two Exploited Vulnerabilities Patched in Android
Associated: Tailoring Safety Coaching to Particular Sorts of Threats
