Tools

Tools: 22 Fortinet Patches, 2 Ivanti Auth Bypasses, 9 Intel UEFI Bugs — Your March 2026 Patching Cheat Sheet

2026-04-04 0 views admin
Tools: 22 Fortinet Patches, 2 Ivanti Auth Bypasses, 9 Intel UEFI Bugs — Your March 2026 Patching Cheat Sheet

The Fortinet Patch Dump: What Actually Matters

CVE-2026-22153: The Auth Bypass You Need to Fix Today

CVE-2025-25249: Heap Overflow → Remote Code Execution

Ivanti: Two More Auth Problems

Your Prioritized Patching Plan

Priority 1: FortiOS 7.6.x (CVE-2026-22153) — This Week

Priority 2: FortiOS/FortiSwitchManager (CVE-2025-25249) — Within 2 Weeks

Priority 3: FortiClientLinux (CVE-2026-24018) — Next Maintenance Window

Priority 4: Ivanti EPM (CVE-2026-1603) — Within 2 Weeks

Priority 5: Intel UEFI Firmware — Next Quarterly Window

Why Does Fortinet Keep Having Auth Bypasses?

Post-Patch: Check for Pre-Patch Exploitation

The Bigger March 2026 Picture Fortinet dropped 22 security patches on March 11, 2026, including a FortiOS authentication bypass (CVE-2026-22153) that lets unauthenticated attackers slip past LDAP-based VPN and FSSO policies. The same patch cycle addresses a heap buffer overflow (CVE-2025-25249) in FortiOS and FortiSwitchManager enabling remote code execution. Ivanti simultaneously patched a high-severity auth bypass in Endpoint Manager. If you manage FortiGate firewalls, Ivanti EPM, or Intel-based infrastructure, here's your prioritized action plan. TL;DR: FortiOS 7.6.0–7.6.4 has an auth bypass that grants unauthorized network access without credentials. Patch to 7.6.5+ immediately if you use Agentless VPN or FSSO with LDAP. Fortinet released fixes for 22 security defects across its portfolio. Here's the breakdown of what you need to care about: None are currently exploited in the wild. But Fortinet's track record says exploitation follows disclosure by days, not weeks. CVE-2026-24858 — a related FortiOS SSO auth bypass — was actively exploited in January 2026 with attackers creating rogue admin accounts before patches even shipped. This is a CWE-288 authentication bypass in FortiOS that lets an unauthenticated attacker bypass LDAP authentication for Agentless VPN or FSSO policies. Successful exploitation grants unauthorized access to network resources without valid credentials. The catch: it requires a specific LDAP server configuration. But Agentless VPN and FSSO are exactly the features that enterprise networks deploy at scale. If your FortiGate authenticates remote users or maps AD users to firewall policies via FSSO, you're in the blast radius. Affected: FortiOS 7.6.0 through 7.6.4

Fix: Update to FortiOS 7.6.5+ A heap-based buffer overflow (CWE-122) in the cw_acd daemon of FortiOS and FortiSwitchManager. Remote unauthenticated attackers can execute arbitrary code via crafted requests. The version spread is brutal: That covers essentially every FortiOS release train still in production. Ivanti released patches in Endpoint Manager 2024 SU5: CVE-2026-1603 is the bigger concern — an auth bypass that exposes credential data remotely. Given Ivanti's history (CVE-2025-22457 in Connect Secure was a zero-day RCE exploited before the patch), don't sit on this one. Based on severity, exploitability, and typical network exposure: If you run Agentless VPN or FSSO with LDAP authentication, this is job #1. The heap overflow affects nearly all FortiOS versions. Attack complexity is high, but impact is full RCE. Schedule alongside your CVE-2026-22153 patching. Local privesc to root via symlink following. If you deploy FortiClient on Linux endpoints, queue it up. Update to EPM 2024 SU5. Auth bypass + credential exposure = potential cascade. Intel published advisory INTEL-SA-01234 with nine UEFI vulnerabilities across 45+ processor models. Five rated high severity. Requires local access, so lower urgency — but UEFI compromises persist across OS reinstalls. This is the pattern that should concern you: multiple authentication bypass vulnerabilities within Q1 2026 alone. CVE-2026-24858 was actively exploited as a zero-day in January: Now CVE-2026-22153 arrives — another auth bypass, same vulnerability class (CWE-288). This suggests a systemic issue in how FortiOS handles authentication flows. If Fortinet is your primary perimeter defense: Even after patching, verify these weren't exploited before your update window: For CVE-2026-22153 (LDAP bypass): For CVE-2025-25249 (heap overflow): For Ivanti EPM (CVE-2026-1603): This wasn't just Fortinet and Ivanti. March 2026 was one of the heaviest patch loads of the year: If you haven't built an automated patch validation pipeline (test → staging → production), March 2026 is your wake-up call. Disclosure: This article was adapted from original research with AI assistance in editing and formatting. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse

Command

Copy

# Check your current FortiOS version get system -weight: 500;">status # Verify LDAP server configuration show user ldap # Check if Agentless VPN or FSSO is configured show user fsso diagnose debug application fssod -1 # Check your current FortiOS version get system -weight: 500;">status # Verify LDAP server configuration show user ldap # Check if Agentless VPN or FSSO is configured show user fsso diagnose debug application fssod -1 # Check your current FortiOS version get system -weight: 500;">status # Verify LDAP server configuration show user ldap # Check if Agentless VPN or FSSO is configured show user fsso diagnose debug application fssod -1 # Check for unexpected VPN sessions diagnose vpn tunnel list get vpn ssl monitor # Review admin login history diagnose sys admin list # Check for unauthorized policy changes execute log filter device 0 execute log filter category 1 execute log display # Check for unexpected VPN sessions diagnose vpn tunnel list get vpn ssl monitor # Review admin login history diagnose sys admin list # Check for unauthorized policy changes execute log filter device 0 execute log filter category 1 execute log display # Check for unexpected VPN sessions diagnose vpn tunnel list get vpn ssl monitor # Review admin login history diagnose sys admin list # Check for unauthorized policy changes execute log filter device 0 execute log filter category 1 execute log display # Monitor crashlog for cw_acd daemon diagnose debug crashlog read # Check for unexpected processes fnsysctl ls -la /tmp/ # Monitor crashlog for cw_acd daemon diagnose debug crashlog read # Check for unexpected processes fnsysctl ls -la /tmp/ # Monitor crashlog for cw_acd daemon diagnose debug crashlog read # Check for unexpected processes fnsysctl ls -la /tmp/ - FortiOS 7.6.0–7.6.3 - FortiOS 7.4.0–7.4.8 - FortiOS 7.2.0–7.2.11 - FortiOS 7.0.0–7.0.17 - FortiOS 6.4.0–6.4.16 - FortiSwitchManager 7.2.0–7.2.5 - FortiSwitchManager 7.0.0–7.0.5 - Attackers created unauthorized local admin accounts on FortiGate appliances - Downloaded full device configurations (including VPN credentials) - Modified firewall policies to -weight: 500;">enable persistent access - Don't rely solely on FortiGate for auth — integrate with a dedicated IdP - Enforce MFA at every layer - Monitor for config changes via FortiAnalyzer or SIEM - Consider defense-in-depth beyond a single-vendor auth stack - Review EPM audit logs for unusual auth events - Check for new/modified admin accounts - Monitor SQL query logs for injection patterns - Microsoft: 83 vulnerabilities including two publicly disclosed zero-days - Adobe: 80 vulnerabilities across eight products - SAP: Critical NetWeaver flaws - Siemens, Schneider, Moxa, Mitsubishi Electric: ICS/OT patches

🏷️ Tags

toolsutilitiessecurity toolsfortinetpatchesivantibypassesintelmarchpatching

More from Tools

Tools: Essential Guide: Devices Paralelos Bacula: Configurar 10 Devices para Alta Concorrência

Tools: Essential Guide: Devices Paralelos Bacula: Configurar 10 Devices para Alta Concorrência

2026-04-04 0
Tools: Latest: Why SSH Key Management Is Broken and How Certificates Fix It

Tools: Latest: Why SSH Key Management Is Broken and How Certificates Fix It

2026-04-04 0
Tools: Windows 11 Security Hardening: Practical Steps That Actually Matter (2026)

Tools: Windows 11 Security Hardening: Practical Steps That Actually Matter (2026)

2026-04-04 0
Tools: Report: How to Convert WebP to JPG (5 Free Methods)

Tools: Report: How to Convert WebP to JPG (5 Free Methods)

2026-04-04 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views