Critical Vulnerabilities Patched in Fortinet, Ivanti Products


Fortinet and Ivanti on Tuesday rolled out fixes for multiple vulnerabilities in their products, including critical-severity OS command injection flaws.

Fortinet published three advisories describing security defects in FortiSandbox, FortiOS, FortiProxy, and FortiPortal.

The most severe of the three bugs is CVE-2026-25089 (CVSS score of 9.8), an OS command injection issue impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI.

Remote, unauthenticated attackers could exploit the weakness via specially crafted HTTP requests to execute arbitrary commands on vulnerable appliances, the company’s advisory reads.

Patches for the CVE were included in FortiSandbox 5.0.6 and 4.4.9, FortiSandbox Cloud 5.0.6, and FortiSandbox PaaS 5.0.6.

The other two vulnerabilities that Fortinet patched on Tuesday are medium-severity flaws: one in FortiOS and FortiProxy, the other in the FortiPortal API. Authenticated users could exploit them for script execution and to disclose sensitive network configuration data.


Fortinet makes no mention of any of these security...

Copyright of this story solely belongs to securityweek.com.
