Citrix and Fortinet on Tuesday announced patches for over a dozen vulnerabilities, including high-severity flaws impacting NetScaler and FortiOS.
Citrix released fixes for two bugs in NetScaler ADC and NetScaler Gateway, two issues in Session Recording, and one security defect in XenServer and Hypervisor.
Tracked as CVE-2024-8534, the high-severity NetScaler vulnerability is described as a memory safety bug that could lead to memory corruption or denial-of-service (DoS).
It only affects appliances that are configured as a gateway with the RDP feature enabled or with an RDP proxy server profile set to gateway, or that are configured as an authentication server with the RDP feature enabled.
Citrix addressed the bug in NetScaler ADC and NetScaler Gateway versions 14.1-29.72, 13.1-55.34, 13.1-FIPS 13.1-37.207, 12.1-FIPS 12.1-55.321, and 12.1-NDcPP 12.1-55.321, but warns that versions 12.1 and 13.0, which have been discontinued, are also affected.
The tech giant also patched medium-severity flaws in NetScaler and Session Recording, and announced a hotfix for CVE-2024-45818, a medium-severity issue in XenServer 8 and Hypervisor 8.2 CU1 LTSR that could lead to crashes and DoS.
Citrix makes no mention of any of these security defects being exploited in the wild. Additional information can be found on the company’s security bulletins page.
On Tuesday, Fortinet announced fixes for a dozen vulnerabilities, including two high-severity bugs in FortiOS, FortiAnalyzer, and FortiManager.
The FortiOS issue, tracked as CVE-2023-50176, could allow an “unauthenticated attacker to hijack a user session via a phishing SAML authentication link”. Patches were included in FortiOS versions 7.4.4, 7.2.8, and 7.0.14.
Tracked as CVE-2024-23666, the FortiAnalyzer and FortiManager bug could allow an “authenticated attacker with at least read-only permission to execute sensitive operations via crafted requests”.
Fixes were included in FortiAnalyzer versions 7.4.3, 7.2.6, 7.0.13, and 6.4.15, FortiAnalyzer-BigData versions 7.4.1 and 7.2.7, and FortiManager versions 7.4.3, 7.2.6, 7.0.13, and 6.4.15.
The company also announced patches for multiple medium- and low-severity flaws in FortiAnalyzer and FortiManager, some of which also impact FortiOS, FortiPAM, FortiPortal, FortiProxy and FortiSwitchManager. Additional information can be found on the company’s PSIRT advisories page.
On Tuesday, the US cybersecurity agency CISA warned that threat actors could exploit some of the newly patched Citrix and Fortinet vulnerabilities to take over the affected systems, urging administrators to apply the necessary updates as soon as possible.