SecurityWeek

Fortinet, Ivanti, Nvidia Release Security Updates

High-severity vulnerabilities could lead to remote code execution, privilege escalation, information disclosure, and configuration tampering.

Fortinet, Ivanti, and Nvidia on Tuesday announced security updates that address over a dozen high- and medium-severity vulnerabilities across their product portfolios.

Ivanti resolved two high-severity insufficient filename validation issues in Endpoint Manager (EPM) that could be exploited remotely, without authentication, to execute arbitrary code. Exploitation of both defects, however, requires user interaction.

Additionally, the company announced patches for five high- and six medium-severity vulnerabilities in Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access.

The most severe of the security holes include a missing authorization issue leading to HTML5 connection hijacking, a CSRF bug leading to the unauthenticated execution of sensitive actions, and missing authorization flaws that allow attackers to configure authentication-related settings.

Patches were included in EPM versions 2024 SU3 SR 1 and 2022 SU8 SR 2, Connect Secure versions 22.7R2.9 and 22.8R2, Policy Secure version 22.7R1.5, ZTA Gateways version 22.8R2.3-723, and Neurons for Secure Access version 22.8R1.4.

“We have no evidence of any of these vulnerabilities being exploited in the wild,” Ivanti notes in its security update announcement.

Fortinet released fixes for a medium-severity OS command injection bug in FortiDDoS that could lead to code execution, and for a medium-severity path traversal flaw in FortiWeb leading to arbitrary file read.

Nvidia rolled out fixes for one high- and two medium-severity defects in the NVDebug tool that could allow attackers to access privileged accounts, write files to restricted components, or run code as non-privileged users.

The issues could be exploited for code execution, privilege escalation, denial-of-service (DoS), information disclosure, or data tampering, and were resolved in NVDebug tool version 1.7.0.

Neither Fortinet nor Nvidia makes any mention of these vulnerabilities being exploited in the wild, but users are advised to update their applications as soon as possible.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
