Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities

Fortinet, Ivanti, and Intel on Tuesday rolled out security fixes for dozens of vulnerabilities, including high-severity bugs that could be exploited for arbitrary code execution, privilege escalation, or security protection bypasses.

Fortinet announced patches for 22 security defects across its products, including high-severity flaws in FortiWeb, FortiSwitchAXFixed, FortiManager, and FortiClientLinux.

The FortiWeb, FortiSwitchAXFixed, and FortiManager issues could be exploited by remote, unauthenticated attackers to bypass the authentication rate limit or execute unauthorized code or commands.

The FortiClientLinux weakness, described as a Symlink following vulnerability, could allow local attackers to escalate their privileges to root.

On Tuesday, Fortinet also addressed medium- and low-severity flaws that could lead to data tampering, security protection bypasses, arbitrary code execution, information disclosure, denial-of-service (DoS), arbitrary command execution, privilege escalation, or social engineering attacks.

Fortinet made no mention of any of these vulnerabilities being exploited in the wild.

Advertisement. Scroll to continue reading.

Ivanti rolled out fixes for a high-severity security defect in Desktop and Server Management (DSM) before version 2026.1.1 that could allow attackers to elevate their privileges, noting that it is not aware of the flaw being exploited.

Intel published an advisory describing nine vulnerabilities in the UEFI for some Intel reference platforms, including five high-severity bugs that could lead to local code execution, privilege escalation, and information disclosure.

UEFI firmware updates were released for over 45 Intel processor models affected by these security defects. None of these appears to have been exploited in the wild.

Originally published by SecurityWeek

Full Analysis