
"Fortinet announced patches for 22 security defects across its products, including high-severity flaws in FortiWeb, FortiSwitchAXFixed, FortiManager, and FortiClientLinux. The FortiWeb, FortiSwitchAXFixed, and FortiManager issues could be exploited by remote, unauthenticated attackers to bypass the authentication rate limit or execute unauthorized code or commands."
"The FortiClientLinux weakness, described as a Symlink following vulnerability, could allow local attackers to escalate their privileges to root. Fortinet also addressed medium- and low-severity flaws that could lead to data tampering, security protection bypasses, arbitrary code execution, information disclosure, denial-of-service (DoS), arbitrary command execution, privilege escalation, or social engineering attacks."
"Intel published an advisory describing nine vulnerabilities in the UEFI for some Intel reference platforms, including five high-severity bugs that could lead to local code execution, privilege escalation, and information disclosure. UEFI firmware updates were released for over 45 Intel processor models affected by these security defects."
Fortinet patched 22 security defects across multiple products, including FortiWeb, FortiSwitchAXFixed, FortiManager, and FortiClientLinux. High-severity flaws in FortiWeb, FortiSwitchAXFixed, and FortiManager allow remote unauthenticated attackers to bypass authentication rate limits or execute unauthorized code. FortiClientLinux contains a symlink following vulnerability that enables local privilege escalation to root. The additional medium- and low-severity flaws could lead to data tampering, DoS attacks, and information disclosure. Ivanti released fixes for a high-severity privilege escalation flaw in Desktop and Server Management versions before 2026.1.1. Intel published an advisory for nine UEFI vulnerabilities across reference platforms, including five high-severity bugs that could lead to local code execution and privilege escalation, with firmware updates released for over 45 processor models. None of these vulnerabilities show evidence of active exploitation.
Read at SecurityWeek