CVE-2024-55591
by Vertek Labs
Fortinet Authentication Bypass Zero-Day Vulnerability Affected Versions and Patches
Summary:
On 1/14/2025, Fortigate published a critical vulnerability tracked as CVE-2024-55591 that affects FortiOS and FortiProxy. Successful exploitation of this vulnerability could allow a remote attacker to execute unauthorized commands and gain super-admin privileges. There have been reports of this vulnerability being exploited in the wild.
Affected Versions and Solutions:
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.0 | 7.0.0 through 7.0.16 | Upgrade to 7.0.17 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.12 | Upgrade to 7.2.13 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.19 | Upgrade to 7.0.20 or above |
Workarounds:
Vertek strongly recommends patching your affected Fortinet products, but if patching cannot be done right away, Fortinet has published a couple of workarounds:
Disable HTTP/HTTPS administrative interface
OR
Limit IP addresses that can reach the administrative interface via local-in policies
More information on how to accomplish that can be found here.
Vertek’s Response:
Vertek has created an OTX pulse of indicators of compromise that have been published. We will continue to add indicators as they become available.
In addition to the OTX pulse, we have also created a custom alarm rule in USM Anywhere that alerts on successful admin logins and object attribute configuration changes that are being made by accounts accessing the device through the jsconsole.
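The same detection logic applied to FortiOS key=value event logs, as an added example (this is not Vertek's USM Anywhere rule). It assumes the logs carry `logdesc`, `ui`, `user`, `srcip`, `cfgpath` and `profile` fields; the alert names are hypothetical and the sample log lines are constructed.

```python
import re

# key=value pairs; a value is either double-quoted or a bare token
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# logdesc values the rule watches, mapped to hypothetical alert names
WATCHED = {
    "Admin login successful": "admin-login-via-jsconsole",
    "Object attribute configured": "config-change-via-jsconsole",
}

# Constructed sample events (documentation IP ranges, made-up users)
SAMPLE = [
    'date=2025-01-15 time=10:00:01 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="jsconsole" srcip=192.0.2.10 action="login" status="success" profile="super_admin"',
    'date=2025-01-15 time=10:00:09 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="jsconsole(127.0.0.1)" action="Add" cfgpath="system.admin" cfgobj="example-user"',
    'date=2025-01-15 time=10:05:00 type="event" subtype="system" logdesc="Admin login successful" user="ops" ui="https(198.51.100.7)" srcip=198.51.100.7 action="login" status="success" profile="super_admin"',
    'date=2025-01-15 time=10:06:30 type="event" subtype="system" logdesc="Object attribute configured" user="ops" ui="GUI(198.51.100.7)" action="Edit" cfgpath="firewall.policy"',
    'date=2025-01-15 time=10:07:00 type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="jsconsole" srcip=192.0.2.10 action="login" status="failed"',
]

def parse_line(line):
    """Split one log line into a dict of its key=value fields."""
    return {k: quoted or bare for k, quoted, bare in _KV.findall(line)}

def detect(lines):
    """Return one alert per watched event whose ui field starts with jsconsole."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        f = parse_line(line)
        rule = WATCHED.get(f.get("logdesc", ""))
        # ui can carry a suffix such as "jsconsole(127.0.0.1)": match the prefix
        if rule and f.get("ui", "").lower().startswith("jsconsole"):
            alerts.append({
                "line": lineno,
                "rule": rule,
                "user": f.get("user"),
                "srcip": f.get("srcip"),
                # what was changed, or which profile the login received
                "detail": f.get("cfgpath") or f.get("profile"),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Logins and changes made through the normal GUI, and failed jsconsole logins, are left alone so the alert stays specific to the behavior described above.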
References:
Fortinet warns of auth bypass zero-day exploited to hijack firewalls