Fortinet, Ivanti, and Nvidia on Tuesday introduced security updates that deal with over a dozen high- and medium-severity vulnerabilities throughout their product portfolios.
Ivanti resolved two high-severity inadequate filename validation points in Endpoint Supervisor (EPM) that might be exploited remotely, with out authentication, to execute arbitrary code. The exploitation of each defects, nonetheless, require consumer interplay.
Moreover, the corporate introduced patches for 5 high- and 6 medium-severity vulnerabilities in Join Safe, Coverage Safe, ZTA Gateways, and Neurons for Safe Entry.
Essentially the most extreme of the security holes embody a lacking authorization difficulty resulting in HTML5 connection hijacking, a CSRF bug resulting in the unauthenticated execution of delicate actions, and lacking authorization flaws that permit attackers to configure authentication-related settings.
Patches had been included in EPM variations 2024 SU3 SR 1 and 2022 SU8 SR 2, Join Safe variations 22.7R2.9 and 22.8R2, Coverage Safe model 22.7R1.5, ZTA Gateways model 22.8R2.3-723, and Neurons for Safe Entry model 22.8R1.4.
“We now have no proof of any of those vulnerabilities being exploited within the wild,” Ivanti notes in its security replace announcement.
Fortinet launched fixes for a medium-severity OS command injection bug in FortiDDoS that might result in code execution, and for a medium-severity path traversal flaw in FortiWeb resulting in arbitrary file learn.
Nvidia rolled out fixes for one high- and two medium-severity defects within the NVDebug software that might permit attackers to entry privileged accounts, write information to restricted elements, or run code as non-privileged customers.
The problems might be exploited for code execution, privilege escalation, denial-of-service (DoS), data disclosure, or information tampering, and had been resolved in NVDebug software model 1.7.0.
Neither Fortinet nor Nvidia make any point out of those vulnerabilities being exploited within the wild, however customers are suggested to replace their purposes as quickly as attainable.
