Patches announced on Tuesday by Fortinet and Zoom address multiple vulnerabilities, including high-severity flaws leading to information disclosure and privilege escalation in Zoom products.
Fortinet released patches for three security defects impacting FortiOS, FortiAnalyzer, FortiManager, FortiProxy, FortiPAM, and FortiSwitchManager, including two medium-severity flaws and a low-severity bug.
The medium-severity issues, one impacting FortiOS and the other affecting FortiAnalyzer and FortiManager, could allow attackers to bypass the file integrity checking system and modify admin passwords via the device configuration backup, respectively.
The third vulnerability, which impacts FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager GUI, “may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials,” the company notes in an advisory.
Fortinet makes no mention of any of these vulnerabilities being exploited in attacks. Additional information can be found on the company’s PSIRT advisories page.
Zoom on Tuesday announced patches for 15 vulnerabilities across its products, including two high-severity issues.
The most severe of these bugs, tracked as CVE-2024-39825 (CVSS score of 8.5), impacts Zoom Workplace apps for desktop and mobile devices, and Rooms clients for Windows, macOS, and iPad, and could allow an authenticated attacker to escalate their privileges over the network.
The second high-severity issue, CVE-2024-39818 (CVSS score of 7.5), impacts the Zoom Workplace applications and Meeting SDKs for desktop and mobile, and could allow authenticated users to access restricted information over the network.
On Tuesday, Zoom also published seven advisories detailing medium-severity security defects impacting Zoom Workplace apps, SDKs, Rooms clients, Rooms controllers, and Meeting SDKs for desktop and mobile.
Successful exploitation of these vulnerabilities could allow authenticated threat actors to achieve information disclosure, denial-of-service (DoS), and privilege escalation.
Zoom users are advised to update to the latest versions of the affected applications, although the company makes no mention of these vulnerabilities being exploited in the wild. Additional information can be found on Zoom’s security bulletins page.
Related: Fortinet Patches Code Execution Vulnerability in FortiOS
Related: Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility
Related: Zoom Paid Out $10 Million via Bug Bounty Program Since 2019