CVE-2024-55591

Fortinet Authentication Bypass Zero-Day Vulnerability Affected Versions and Patches  

Summary:  

On 1/14/2025, Fortigate published a critical vulnerability tracked as CVE-2024-55591 that affects FortiOS and FortiProxy. Successful exploitation of this vulnerability could allow a remote attacker to execute unauthorized commands and gain super-admin privileges. It is important to note that there have been reports of this vulnerability being exploited in the wild.

Affected Versions and solutions: 

Version          Affected                Solution
FortiOS 7.0      7.0.0 through 7.0.16    Upgrade to 7.0.17 or above
FortiProxy 7.2   7.2.0 through 7.2.12    Upgrade to 7.2.13 or above
FortiProxy 7.0   7.0.0 through 7.0.19    Upgrade to 7.0.20 or above

 

Workarounds:  

Vertek strongly recommends patching your affected Fortinet products, but if patching cannot be done right away, Fortinet has published a couple of workarounds:

Disable HTTP/HTTPS administrative interface 

OR 

Limit IP addresses that can reach the administrative interface via local-in policies 

More information on how to accomplish that can be found here 

Vertek’s Response: 

Vertek has created an OTX pulse of indicators of compromise that have been published. We will continue to add indicators as they become available.  

In addition to the OTX pulse, we have also created a custom alarm rule in USM Anywhere that alerts on successful admin logins and object attribute configuration changes made by accounts accessing the device through the jsconsole.
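The alarm logic described above can be sketched in Python for teams that review exported FortiOS event logs outside a SIEM. This is an added example, not Vertek's USM Anywhere rule: it assumes the FortiOS key=value event log format with the `logdesc`, `ui`, `status` and `cfgpath` fields, and the sample lines, accounts and addresses are constructed.

```python
import re

# Assumption: FortiOS key=value event logs; values may be quoted or bare.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample events (documentation IP ranges, invented account names).
SAMPLE_LOGS = [
    'date=2025-01-10 time=03:12:44 type="event" subtype="system" logdesc="Admin login successful" '
    'user="admin" ui="jsconsole" srcip=192.0.2.10 action="login" status="success" profile="super_admin"',
    'date=2025-01-10 time=03:13:02 type="event" subtype="system" logdesc="Object attribute configured" '
    'user="admin" ui="jsconsole(192.0.2.10)" action="Add" cfgpath="system.admin" cfgobj="newacct"',
    'date=2025-01-10 time=09:00:15 type="event" subtype="system" logdesc="Admin login successful" '
    'user="netops" ui="https(198.51.100.7)" srcip=198.51.100.7 action="login" status="success"',
    'date=2025-01-10 time=09:05:40 type="event" subtype="system" logdesc="Object attribute configured" '
    'user="netops" ui="GUI(198.51.100.7)" action="Edit" cfgpath="firewall.policy" cfgobj="12"',
    'date=2025-01-10 time=09:06:01 type="event" subtype="system" logdesc="Admin login failed" '
    'user="root" ui="jsconsole" srcip=203.0.113.5 action="login" status="failed"',
]

def parse(line):
    """Turn one key=value log line into a dict of field -> value."""
    return {k: q if q else b for k, q, b in KV.findall(line)}

def classify(event):
    """Return the alert name for an event, or None if the rule does not match."""
    if not event.get("ui", "").lower().startswith("jsconsole"):
        return None  # only sessions that came in through the jsconsole interface
    desc = event.get("logdesc", "")
    if desc == "Admin login successful" and event.get("status") == "success":
        return "jsconsole_admin_login"
    if desc == "Object attribute configured":
        return "jsconsole_config_change"
    return None

def detect(lines):
    """Return (alert, user, detail) for every line that matches the rule."""
    alerts = []
    for line in lines:
        ev = parse(line)
        alert = classify(ev)
        if alert:
            detail = ev.get("cfgpath") or ev.get("srcip", "")
            alerts.append((alert, ev.get("user", ""), detail))
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(*a, sep="\t")
```

Routine GUI or HTTPS administration and failed jsconsole logins are left out, so only the two event types named in the alarm rule raise an alert.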

 

References:  

PSIRT | FortiGuard Labs 

Fortinet warns of auth bypass zero-day exploited to hijack firewalls 

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls – Arctic Wolf 

  
