Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Fortinet, Zoom Patch Multiple Vulnerabilities

Fortinet and Zoom have released patches for multiple vulnerabilities in their products, including high-severity bugs.

Patches announced on Tuesday by Fortinet and Zoom address multiple vulnerabilities, including high-severity flaws leading to information disclosure and privilege escalation in Zoom products.

Fortinet released patches for three security defects impacting FortiOS, FortiAnalyzer, FortiManager, FortiProxy, FortiPAM, and FortiSwitchManager, including two medium-severity flaws and a low-severity bug.

The medium-severity issues, one impacting FortiOS and the other affecting FortiAnalyzer and FortiManager, could allow attackers to bypass the file integrity checking system and modify admin passwords via the device configuration backup, respectively.

The third vulnerability, which impacts FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager GUI, “may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials,” the company notes in an advisory.

Fortinet makes no mention of any of these vulnerabilities being exploited in attacks. Additional information can be found on the company’s PSIRT advisories page.

Zoom on Tuesday announced patches for 15 vulnerabilities across its products, including two high-severity issues.

The most severe of these bugs, tracked as CVE-2024-39825 (CVSS score of 8.5), impacts Zoom Workplace apps for desktop and mobile devices, and Rooms clients for Windows, macOS, and iPad, and could allow an authenticated attacker to escalate their privileges over the network.

The second high-severity issue, CVE-2024-39818 (CVSS score of 7.5), impacts the Zoom Workplace applications and Meeting SDKs for desktop and mobile, and could allow authenticated users to access restricted information over the network.

Advertisement. Scroll to continue reading.

On Tuesday, Zoom also published seven advisories detailing medium-severity security defects impacting Zoom Workplace apps, SDKs, Rooms clients, Rooms controllers, and Meeting SDKs for desktop and mobile.

Successful exploitation of these vulnerabilities could allow authenticated threat actors to achieve information disclosure, denial-of-service (DoS), and privilege escalation.

Zoom users are advised to update to the latest versions of the affected applications, although the company makes no mention of these vulnerabilities being exploited in the wild. Additional information can be found on Zoom’s security bulletins page.

Related: Fortinet Patches Code Execution Vulnerability in FortiOS

Related: Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

Related: Zoom Paid Out $10 Million via Bug Bounty Program Since 2019

Related: Aiohttp Vulnerability in Attacker Crosshairs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

More People On The Move

Expert Insights