Fortinet, Ivanti, and Nvidia on Tuesday announced security updates that address over a dozen high- and medium-severity vulnerabilities across their product portfolios.
Ivanti resolved two high-severity insufficient filename validation issues in Endpoint Manager (EPM) that could be exploited remotely, without authentication, to execute arbitrary code. Exploitation of both defects, however, requires user interaction.
Additionally, the company announced patches for five high- and six medium-severity vulnerabilities in Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access.
The most severe of the security holes include a missing authorization issue leading to HTML5 connection hijacking, a CSRF bug leading to the unauthenticated execution of sensitive actions, and missing authorization flaws that allow attackers to configure authentication-related settings.
Patches were included in EPM versions 2024 SU3 SR 1 and 2022 SU8 SR 2, Connect Secure versions 22.7R2.9 and 22.8R2, Policy Secure version 22.7R1.5, ZTA Gateways version 22.8R2.3-723, and Neurons for Secure Access version 22.8R1.4.
“We have no evidence of any of these vulnerabilities being exploited in the wild,” Ivanti notes in its security update announcement.
Fortinet released fixes for a medium-severity OS command injection bug in FortiDDoS that could lead to code execution, and for a medium-severity path traversal flaw in FortiWeb leading to arbitrary file read.
Nvidia rolled out fixes for one high- and two medium-severity defects in the NVDebug tool that could allow attackers to access privileged accounts, write files to restricted components, or run code as non-privileged users.
The issues could be exploited for code execution, privilege escalation, denial-of-service (DoS), information disclosure, or data tampering, and were resolved in NVDebug tool version 1.7.0.
Neither Fortinet nor Nvidia makes any mention of these vulnerabilities being exploited in the wild, but users are advised to update their applications as soon as possible.

