Fortinet Patches 22 Flaws, Administrators Must Update Immediately!

Information:

   Fortinet is a global cybersecurity leader famous for its Fortinet Security Fabric, an integrated ecosystem that automates protection across networks and devices using custom-built ASIC chips for superior speed. Leading products include FortiGate (Next-Gen Firewalls), FortiClient (Endpoint Security), FortiAP (Secure Wireless), and FortiAnalyzer (Centralized Logging & Analytics), all working together to provide seamless, real-time defense.

Incident:

  Fortinet has released security updates addressing 22 vulnerabilities, including high-severity flaws affecting FortiWeb, FortiSwitchAX, FortiManager, and FortiClientLinux. If exploited, these high-severity issues could enable remote, unauthenticated attackers to circumvent authentication rate limits or execute unauthorized code and commands.

  The update also resolves several medium- and low-severity vulnerabilities. These flaws pose risks ranging from data tampering and security bypasses to denial-of-service (DoS), privilege escalation, and information disclosure. At this time, Fortinet reports no evidence that any of these vulnerabilities are being actively exploited in the wild.

Incident:

  CVE-2026-22627 (Critical – CVSS 8.8)

  This vulnerability in Fortinet FortiSwitchAXFixed 1 can be exploited by an attacker with access to the same local network segment as the affected system. Because it requires no authentication and has low attack complexity, exploitation may be straightforward.

  If successfully exploited, this vulnerability may allow an attacker on the same adjacent network to execute unauthorized code or commands on the device by sending a crafted LLDP packet.

Incident:

  CVE-2025-54820 (Critical – CVSS 8.1)

  This vulnerability in Fortinet FortiManager 7 is remotely exploitable over the network and does not require authentication.

  Although the attack complexity is high, meaning specific conditions must be met, successful exploitation can have severe consequences.

  Successful exploitation may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the affected service is enabled. Success depends on the attacker's ability to bypass the stack protection mechanisms.

Incident:

  CVE-2026-24017 (Critical – CVSS 8.1)

  This vulnerability in Fortinet FortiWeb 8 shares characteristics with CVE-2025-54820 and is also remotely exploitable without authentication.

  If exploited, this vulnerability may allow a remote unauthenticated attacker to bypass the authentication rate limit via crafted requests. Success depends on the attacker's resources and the complexity of the targeted password.

Incident:

  CVE-2026-24018 (High – CVSS 7.8)

  This is a local privilege escalation vulnerability in Fortinet FortiClientLinux 7 that requires an attacker to already have low-level access to the system.

  Because exploitation is considered low complexity, an attacker who gains initial access through another vector may quickly escalate privileges.

  Successful exploitation may allow a local and unprivileged user to escalate their privileges to root.

 Security remains the priority: these systems must be kept under watch and monitored as usual.
For more information please contact
Email :sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
061 387 9439 (Ms.Sirilak)
092 257 6902 (Ms.Narusorn)
063 197 7510 (Mr.Yanotai)
065 725 7405 (Ms.Nattharini)
065 725 7405 (Ms.Donraya)

Recommendation:

  • Update to the patched versions listed below:

    Version                  Affected               Solution
    FortiSwitchAXFixed 1.0   1.0.0 through 1.0.1    Upgrade to 1.0.2 or above
    FortiManager 7.6         Not affected           Not Applicable
    FortiManager 7.4         7.4.0 through 7.4.2    Upgrade to 7.4.3 or above
    FortiManager 7.2         7.2.0 through 7.2.10   Upgrade to 7.2.11 or above
    FortiManager 6.4         6.4 all versions       Migrate to a fixed release
    FortiWeb 8.0             8.0.0 through 8.0.2    Upgrade to 8.0.3 or above
    FortiWeb 7.6             7.6.0 through 7.6.5    Upgrade to 7.6.6 or above
    FortiWeb 7.4             7.4.0 through 7.4.10   Upgrade to 7.4.11 or above
    FortiWeb 7.2             7.2.0 through 7.2.11   Upgrade to 7.2.12 or above
    FortiWeb 7.0             7.0.0 through 7.0.11   Upgrade to 7.0.12 or above
    FortiClientLinux 8.0     Not affected           Not Applicable
    FortiClientLinux 7.4     7.4.0 through 7.4.4    Upgrade to 7.4.5 or above
    FortiClientLinux 7.2     7.2.2 through 7.2.12   Upgrade to 7.2.13 or above
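A quick way to turn the table above into a fleet check is to compare each device's version numerically against the listed ranges, rather than eyeballing them. The script below is an added example written for this newsletter, not Fortinet tooling: the affected ranges are transcribed from the table, version strings are compared as integer tuples (so 7.4.10 sorts after 7.4.9), and anything not covered by the table is reported as "unknown" rather than silently treated as clean. The inventory lines at the bottom are constructed sample data, not real hosts.

```python
"""Check a fleet inventory against the affected-version table in this
advisory. Added example, not Fortinet tooling; the inventory lines at the
bottom are constructed sample data."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Branch:
    product: str
    branch: str             # major.minor line, e.g. "7.4"
    first: Optional[str]    # first affected version; None = branch not affected
    last: Optional[str]     # last affected version; None = every version in the branch
    advice: str             # the advisory's "Solution" column


# Transcribed from the advisory table above.
ADVISORY = [
    Branch("FortiSwitchAXFixed", "1.0", "1.0.0", "1.0.1", "Upgrade to 1.0.2 or above"),
    Branch("FortiManager", "7.6", None, None, "Not affected"),
    Branch("FortiManager", "7.4", "7.4.0", "7.4.2", "Upgrade to 7.4.3 or above"),
    Branch("FortiManager", "7.2", "7.2.0", "7.2.10", "Upgrade to 7.2.11 or above"),
    Branch("FortiManager", "6.4", "6.4.0", None, "Migrate to a fixed release"),
    Branch("FortiWeb", "8.0", "8.0.0", "8.0.2", "Upgrade to 8.0.3 or above"),
    Branch("FortiWeb", "7.6", "7.6.0", "7.6.5", "Upgrade to 7.6.6 or above"),
    Branch("FortiWeb", "7.4", "7.4.0", "7.4.10", "Upgrade to 7.4.11 or above"),
    Branch("FortiWeb", "7.2", "7.2.0", "7.2.11", "Upgrade to 7.2.12 or above"),
    Branch("FortiWeb", "7.0", "7.0.0", "7.0.11", "Upgrade to 7.0.12 or above"),
    Branch("FortiClientLinux", "8.0", None, None, "Not affected"),
    Branch("FortiClientLinux", "7.4", "7.4.0", "7.4.4", "Upgrade to 7.4.5 or above"),
    Branch("FortiClientLinux", "7.2", "7.2.2", "7.2.12", "Upgrade to 7.2.13 or above"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """'7.4.10' -> (7, 4, 10); tuples compare numerically, so 7.4.10 > 7.4.9."""
    return tuple(int(part) for part in text.strip().split("."))


def check(product: str, version: str) -> Tuple[str, str]:
    """Classify one product/version as 'affected', 'clean' or 'unknown' and
    return the matching advice. Anything the table does not cover is
    'unknown' rather than silently clean, so it surfaces for manual review."""
    v = parse_version(version)
    line = f"{v[0]}.{v[1]}"
    for b in ADVISORY:
        if b.product != product or b.branch != line:
            continue
        if b.first is None:
            return "clean", b.advice
        if v < parse_version(b.first):
            return "unknown", "below the listed affected range; confirm with the vendor advisory"
        if b.last is not None and v > parse_version(b.last):
            return "clean", "already at or above the fixed release"
        return "affected", b.advice
    return "unknown", "branch not listed in this advisory; confirm manually"


def audit(inventory: str) -> List[Tuple[str, str, str, str]]:
    """Parse 'host product version' lines and return one finding per host."""
    findings = []
    for raw in inventory.strip().splitlines():
        host, product, version = raw.split()
        status, advice = check(product, version)
        findings.append((host, status, version, advice))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """
fmg-01  FortiManager       7.4.2
fmg-02  FortiManager       7.6.1
fweb-01 FortiWeb           8.0.2
fweb-02 FortiWeb           7.4.11
fcl-01  FortiClientLinux   7.2.1
fsw-01  FortiSwitchAXFixed 1.0.1
legacy  FortiManager       6.4.15
"""

if __name__ == "__main__":
    for host, status, version, advice in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {status:9} {version:8} {advice}")
```

Feed it your real inventory export in the same three-column shape; the "unknown" rows are the ones to chase by hand, since a version below the listed range or a branch missing from the table is not evidence of safety.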

Reference :

Weekly Interesting CVE

Columns: No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS Severity Rating | Detail | Solution | Reference
1. CVE-2026-3224
   Published: 03/03/2026 | Last update: 05/03/2026
   Target: Microsoft Entra ID (Azure AD)
   Attack type: Authentication Bypass
   CVSS: 9.8
   Detail: Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
   Solution: Upgrade to Devolutions Server 2025.3.16 or higher. If upgrading is not possible, Microsoft authentication mode should be disabled.
   Reference: https://devolutions.net/security/advisories/DEVO-2026-0005/

2. CVE-2026-3136
   Published: 03/03/2026 | Last update: 05/03/2026
   Target: GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26
   Attack type: Improper authorization
   CVSS: 9.8
   Detail: An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment.
   Solution: This vulnerability was patched on 26 January 2026, and no customer action is needed.
   Reference: https://docs.cloud.google.com/build/docs/release-notes#March_03_2026

3. CVE-2026-3540
   Published: 04/03/2026 | Last update: 05/03/2026
   Target: WebAudio in Google Chrome prior to 145.0.7632.159
   Attack type: Out of bounds memory access
   CVSS: 8.8
   Detail: Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
   Solution: Update to 145.0.7632.159/160 for Windows/Mac and 145.0.7632.159 for Linux.
   Reference: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html

4. CVE-2026-2743
   Published: 05/03/2026 | Last update: 05/03/2026
   Target: SeppMail User Web Interface
   Attack type: Path Traversal
   CVSS: 10.0
   Detail: Arbitrary file write via a path traversal in the upload feature, leading to remote code execution, in the SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail 15.0.2.1 and earlier.
   Solution: Update to version 15.0.3 or the latest version.
   Reference: https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html
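The root cause class in entry 4, a client-controlled filename that ends up outside the upload directory, is worth seeing as a concrete check. The snippet below is an added example for this newsletter, not SeppMail code: an upload handler that refuses (rather than quietly renames) any name carrying a directory separator, NUL byte or dot-only component, and then confirms, after path resolution, that the final location still sits under the upload root. The upload root and the filenames are constructed test input.

```python
"""Keeping an uploaded file inside the upload directory. Added example, not
SeppMail code; the upload root and filenames here are constructed."""
import os
import tempfile
from pathlib import Path


def is_within(root: Path, candidate: Path) -> bool:
    """True if `candidate`, after resolving '..' and symlinks, lies strictly
    below `root`. Works for paths that do not exist yet."""
    root = root.resolve()
    candidate = candidate.resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return False
    return candidate != root


def safe_upload_path(upload_root: str, client_filename: str) -> Path:
    """Map a client-supplied filename to a path under `upload_root`, or raise
    ValueError. Traversal attempts are rejected outright so they can be logged
    as such instead of being silently sanitised into a different name."""
    if not client_filename or "\x00" in client_filename:
        raise ValueError("empty filename or embedded NUL byte")
    if "/" in client_filename or "\\" in client_filename:
        raise ValueError("directory separators are not allowed in an upload name")
    if client_filename in (".", ".."):
        raise ValueError("dot-only filename")
    root = Path(upload_root)
    target = root / client_filename
    # Defence in depth: even after the checks above, prove containment.
    if not is_within(root, target):
        raise ValueError("resolved path escapes the upload root")
    return target.resolve()


def upload_allowed(upload_root: str, client_filename: str) -> bool:
    """Accept/reject wrapper for callers that only need a decision."""
    try:
        safe_upload_path(upload_root, client_filename)
        return True
    except ValueError:
        return False


# Constructed upload root for the demo; the directory need not exist.
UPLOAD_ROOT = os.path.join(tempfile.gettempdir(), "lft-uploads-demo")

if __name__ == "__main__":
    for name in ["report.pdf", "../../outside.txt", "..\\..\\outside.txt", "", ".."]:
        verdict = "accept" if upload_allowed(UPLOAD_ROOT, name) else "reject"
        print(f"{name!r:22} -> {verdict}")
```

The separate `is_within` check looks redundant next to the string filters, and on a plain directory it is; it earns its place when the upload root contains symlinks or when a later refactor relaxes the filename rules, because containment is then still enforced at the last step before the write.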


5. CVE-2026-29000
   Published: 04/03/2026 | Last update: 05/03/2026
   Target: pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3
   Attack type: Authentication bypass
   CVSS: 10.0
   Detail: Improper verification of cryptographic signatures in the JwtAuthenticator component when processing encrypted JWTs (JWE). A remote, unauthenticated threat actor who knows the server's RSA public key can bypass authentication and impersonate arbitrary users (including administrators) by submitting a crafted JWE whose inner token is an unsigned PlainJWT.
   Solution: Update to version 4.5.9, 5.7.9 or 6.3.3, or the latest version.
   Reference: https://arcticwolf.com/resources/blog/cve-2026-29000/
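Entries 1 and 5 both come down to the same mistake: a service acting on a token whose signature was never checked against a trusted key, whether the token arrived forged outright (entry 1) or wrapped in a JWE whose inner token turned out to be an unsigned PlainJWT (entry 5). The following added example, written for this newsletter with the Python standard library and not taken from pac4j or Devolutions, shows the check a consumer should apply to the token it finally holds, i.e. the inner token once a JWE has been decrypted (decryption itself is out of scope and assumed done): only a three-segment JWS with an allow-listed algorithm and a verifying HMAC-SHA256 signature is accepted, and a PlainJWT with alg "none" is refused. The key and claims are constructed; the HMAC variant stands in for whatever signature scheme a real deployment uses.

```python
"""Verify the JWT a service ends up trusting; for a JWE that means the inner
token obtained after decryption. Added example using only the standard
library; not pac4j or Devolutions code. Key and claims are constructed."""
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}  # explicit allow-list; "none" must never be on it


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def token_shape(token: str) -> str:
    """Compact serialisation: a JWE has five segments, a JWS (or an unsigned
    PlainJWT) has three. Shape alone therefore never proves a signature."""
    return {5: "JWE", 3: "JWS"}.get(token.count(".") + 1, "invalid")


def sign_hs256(claims: dict, key: bytes) -> str:
    """Produce a properly signed compact JWS (used here to build test input)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    tag = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(tag)}"


def plain_jwt(claims: dict) -> str:
    """An unsigned PlainJWT: alg 'none' and an empty signature segment. Built
    only to confirm the verifier refuses it."""
    header = b64url_encode(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url_encode(json.dumps(claims).encode())}."


def verify_inner_token(token: str, key: bytes) -> dict:
    """Return the claims only if `token` is a JWS whose algorithm is on the
    allow-list and whose HMAC verifies under `key`; raise ValueError otherwise."""
    if token_shape(token) != "JWS":
        raise ValueError("inner token must be a three-segment JWS")
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict):
        raise ValueError("malformed header")
    alg = header.get("alg")
    # Rejects 'none', a missing alg, and any algorithm the service did not opt into.
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"algorithm {alg!r} not permitted")
    if not sig_b64:
        raise ValueError("missing signature")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not verify")
    return json.loads(b64url_decode(payload_b64))


def is_accepted(token: str, key: bytes) -> bool:
    """Accept/reject wrapper around verify_inner_token."""
    try:
        verify_inner_token(token, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    demo_key = b"constructed-demo-secret"  # constructed, not a real key
    signed = sign_hs256({"sub": "alice"}, demo_key)
    print("signed JWS accepted:", is_accepted(signed, demo_key))                      # True
    print("PlainJWT accepted:  ", is_accepted(plain_jwt({"sub": "admin"}), demo_key))  # False
```

Two design points carry over to any library: the algorithm comes from a server-side allow-list, never from the token header alone, and the decision is made on the token actually being trusted (the decrypted inner one), because encryption with a public key proves nothing about who produced the payload.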


Malware News or Campaign IOC/IOA | EN

Columns: No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation

1. Browser extension weaponization for malware delivery examined
   Detection date: 06/03/2026
   Attack type: Malware
   Description: Researchers from LayerX conducted an experiment on the use of web browser extensions to distribute malware by creating an extension called "Totally Innocent Extension." They then downloaded a program from its official website to test the scenario. The results showed that even when a program was downloaded from a legitimate website, the extension was still able to modify the downloaded file or inject malicious code into it. If the compromised program were executed, it could potentially lead to data theft and even spread further within an organization's network.
   Mitigation/Remediation:
   • Avoid using extensions from untrusted or unexpected sources
   • Download software only from official sources
   • Keep systems and software up to date

Ref: https://www.scworld.com/brief/fake-7-zip-website-distributes-trojanized-installer-turns-pcs-into-proxy-nodes

17 March 2026
