Fortinet and Zoom have released patches for multiple vulnerabilities in their products, including high-severity bugs.
August 14, 2024 By Eduard Kovacs
Patches announced on Tuesday by Fortinet and Zoom address multiple vulnerabilities, including high-severity flaws leading to information disclosure and privilege escalation in Zoom products.
Fortinet released patches for three security defects impacting FortiOS, FortiAnalyzer, FortiManager, FortiProxy, FortiPAM, and FortiSwitchManager: two medium-severity flaws and a low-severity bug.
The two medium-severity issues affect different products: the one impacting FortiOS could allow attackers to bypass the file integrity checking system, while the one affecting FortiAnalyzer and FortiManager could allow them to modify admin passwords via the device configuration backup.
The third vulnerability, which impacts FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager GUI, “may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials,” the company notes in an advisory.
Fortinet makes no mention of any of these vulnerabilities being exploited in attacks. Additional information can be found on the company’s PSIRT advisories page.
Zoom on Tuesday announced patches for 15 vulnerabilities across its products, including two high-severity issues.
The most severe of these bugs, tracked as CVE-2024-39825 (CVSS score of 8.5), impacts Zoom Workplace apps for desktop and mobile devices, and Rooms clients for Windows, macOS, and iPad, and could allow an authenticated attacker to escalate their privileges over the network.
The second high-severity issue, CVE-2024-39818 (CVSS score of 7.5), impacts the Zoom Workplace applications and Meeting SDKs for desktop and mobile, and could allow authenticated users to access restricted information over the network.