CVE-2024-55591

Published Jan 14, 2025

Last updated 8 hours ago

Insights

Analysis from the Intruder Security Team
Published Jan 14, 2025

With the limited information available, we can infer that this vulnerability affects the terminal console functionality within the FortiGate admin panel. It allows an unauthenticated attacker to create administrative accounts on the Fortinet device.

Arctic Wolf have observed a handful of exploitations of this vulnerability in early December, in which an unauthenticated threat actor created administrative accounts and changed device configurations. They have listed a number of IoCs which can help with identifying any malicious activity on devices. Fortinet have also released similar IoCs for this vulnerability.

Fortinet have released patching information and their own IoCs here.

Overview

Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Source: psirt@fortinet.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Fortinet FortiOS Authorization Bypass Vulnerability
Exploit added on: Jan 14, 2025
Exploit action due: Jan 21, 2025
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com: CWE-288

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

21

  1. CCN-CERT warns that @Fortinet has published updates for the #FortiOS and #FortiProxy products that fix a critical vulnerability (CVE-2024-55591). #IOC have also been published. Update! More information 👇 https://t.co/ihGAxjmx2q https://t.

    @CCNCERT

    15 Jan 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CISA adds Fortinet flaw CVE-2024-55591 to KEV Catalog #CISAKEV #Fortinet #CVE-20224-55591 https://t.co/dahRoXDzeW

    @pravin_karthik

    15 Jan 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Fortinet FortiOS/FortiProxy CVE-2024-55591 Advisory Why you should never blindly block IP IOCs from threat reports: They could include IPs that: - Are spoofed - Belong to content delivery networks - Are shared (e.g., multiple websites on the same IP) - Have already been… https

    @cyb3rops

    15 Jan 2025

    3744 Impressions

    14 Retweets

    58 Likes

    5 Bookmarks

    4 Replies

    1 Quote

  4. Threat Alert: Threat actors exploit a probable 0-day in exposed management consoles of Fortine CVE-2023-37936 CVE-2024-55591 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/Fx9pdXAulM #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    15 Jan 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ℹ️ Critical vulnerability CVE-2024-55591 in Fortinet products: major security alert for #sécurité professionals 👨‍💼🔒 Stay informed about the latest zero-day exploits and cyber threats. #Fortinet #Cybersécurité #AvisDeSécurité 👉 https://t.co/twOnXlgCcF

    @CyberAlertFr

    15 Jan 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Alert regarding an authentication bypass vulnerability (CVE-2024-55591) in Fortinet FortiOS and FortiProxy https://t.co/HWyqKmr0VW @jpcert

    @yousukezan

    15 Jan 2025

    231 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Alert at Fortinet: a new flaw (CVE-2024-55591) is being exploited by cybercriminals to compromise Fortigate (and FortiProxy) firewalls on a massive scale. 📄 More info on IT-Connect: https://t.co/fPaoSzeqJr #fortinet #cybersecurite https://t.co/fPaoSzeqJr

    @ITConnect_fr

    15 Jan 2025

    66 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

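  8. We have published an alert regarding an authentication bypass vulnerability (CVE-2024-55591) in Fortinet FortiOS and FortiProxy. Fortinet states that it has confirmed reports of the vulnerability being exploited. Please consider investigating and applying countermeasures based on the latest information the company provides. ^MH https://t.co/pgkTIAyP3v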

    @jpcert

    15 Jan 2025

    1341 Impressions

    9 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Integrated edition JPCERT/CC | Alert: Alert regarding an authentication bypass vulnerability (CVE-2024-55591) in Fortinet FortiOS and FortiProxy (published) https://t.co/FqPdLKBQ3m #itsec_jp

    @itsec_jp

    15 Jan 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Alert: Alert regarding an authentication bypass vulnerability (CVE-2024-55591) in Fortinet FortiOS and FortiProxy (published) https://t.co/kcpfwnCylD

    @AileenWoodstock

    15 Jan 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

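  11. Regarding countermeasures for the Fortinet FortiOS vulnerability (CVE-2024-55591): if this vulnerability is exploited, an unauthenticated remote third party may be able to obtain administrator privileges. The product developer has announced that it has confirmed attacks exploiting this vulnerability. https://t.co/x1M5oRvBd0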

    @InfoEmission

    15 Jan 2025

    96 Impressions

    0 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Critical Fortinet vulnerability CVE-2024-55591 exploited: Authentication bypass leads to super-admin access. Patch now!

    @DiGiForces

    15 Jan 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

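  13. CVE-2024-55591 is an authentication bypass vulnerability (CVSS 9.6) in FortiOS and FortiProxy that lets an attacker obtain administrator privileges and tamper with firewall settings and VPN access. The vulnerability affects specific versions, and Fortinet has already released fixed versions (FortiOS 7.0.17, FortiProxy 7.2.13). https://t.co/woEzqNSDMb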

    @01ra66it

    15 Jan 2025

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ⚠️ Fortinet FortiOS/FortiProxy Zero Day Vulnerability CVE-2024-55591: (CVSS score: 9.6) is an authentication bypass vulnerability in FortiOS and FortiProxy. It allows attackers to gain super admin privileges through specially crafted Node.js websocket requests.

    @cyberthreatzip

    14 Jan 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. 🚨Heads up, IT pros! Brace yourselves as hackers exploit a fresh Fortinet firewall flaw, cracking into corporate networks. Fixes are out, but the damage may have already started. 🛡️ #CyberSecurity Fortinet has confirmed a critical vulnerability, CVE-2024-55591, in their… https:

    @IntermixTech

    14 Jan 2025

    87 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-55591 https://t.co/JHuZsXmJjw

    @uwu_underground

    14 Jan 2025

    4255 Impressions

    2 Retweets

    70 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

  17. csirt_it: ‼️ #Fortinet: active exploitation in the wild detected of CVE-2024-55591 affecting the #FortiOS and #FortiProxy products Risk: 🔴 Type: 🔸 Authentication Bypass 🔗 https://t.co/MnUiJkcoFB ⚠ It is important to update the affected products https://t.co/ZAklHqrYG9

    @Vulcanux_

    14 Jan 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. ‼️ #Fortinet: active exploitation in the wild detected of CVE-2024-55591 affecting the #FortiOS and #FortiProxy products Risk: 🔴 Type: 🔸 Authentication Bypass 🔗 https://t.co/v2wvB8iDyG ⚠ It is important to update the affected products https://t.co/mmmfJH2yHv

    @csirt_it

    14 Jan 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2024-55591 An Authentication Bypass in FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges https://t.co/IaR5WeSRIm

    @h4x0r_dz

    14 Jan 2025

    4506 Impressions

    7 Retweets

    103 Likes

    14 Bookmarks

    0 Replies

    2 Quotes

  20. 1/ 🚨 Fortinet Alert: A critical zero-day vulnerability (CVE-2024-55591) in FortiOS & FortiProxy is being actively exploited! Attackers can bypass authentication and hijack firewalls.

    @cybrhoodsentinl

    14 Jan 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. 🚨 "Mass exploitation" of Fortinet firewalls with zero-day (0-day) attacks ➡️ CVE-2024-55591 in FortiOS and FortiProxy (CVSS 9.6) ⚠️ Affected versions: FortiOS 7.0.0-7.0.16 and FortiProxy 7.0.0-7.2.12 https://t.co/EBac0lZFEV

    @elhackernet

    14 Jan 2025

    24564 Impressions

    132 Retweets

    382 Likes

    125 Bookmarks

    1 Reply

    4 Quotes

  22. 🚨 A critical vulnerability exists in Fortinet products affecting FortiOS and FortiProxy (CVE-2024-55591). Please see the @ncsc_gov_ie advisory for further info: https://t.co/eW6ehIbA5q

    @ncsc_gov_ie

    14 Jan 2025

    157 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. quite a bit of exposure to the new fortiOS / fortiProxy zero-day CVE-2024-55591 instances running fortigate: http.favicon.hash:945408572 doesn't look like we can extract versions can we 🤔 https://t.co/Yv3gdAwhML

    @rxerium

    14 Jan 2025

    382 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. ⚠️CERT-FR Alert⚠️ CERTFR-2025-ALE-002: Vulnerability CVE-2024-55591 affects Fortinet equipment and allows an unauthenticated attacker to cause remote arbitrary code execution. It is being actively exploited. https://t.co/MyPadDslHo

    @CERT_FR

    14 Jan 2025

    13944 Impressions

    25 Retweets

    44 Likes

    7 Bookmarks

    1 Reply

    4 Quotes

  25. #CVE Alert CVE-2024-55591, affecting Fortinet FortiOS and FortiProxy, is exploited in the wild. 🔗 https://t.co/NmzWAWpUo1 🔗 https://t.co/i3YFaked03 🔗 https://t.co/nVphCmGhmP #CTIRadar

    @CTIRadar

    14 Jan 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Active Exploitation of CVE-2024-55591: FortiOS and FortiProxy Under Threat A critical vulnerability identified as CVE-2024-55591 (CVSS 9.6) is actively being exploited in the wild, posing a severe risk to #Fortinet's #FortiOS and #FortiProxy products https://t.co/9nYAt2xrKH

    @the_yellow_fall

    14 Jan 2025

    602 Impressions

    5 Retweets

    15 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  27. [CVE-2024-55591: CRITICAL] Critical CWE-288 vulnerability in FortiOS and FortiProxy versions 7.0.0-7.2.12 enables remote attackers super-admin access via Node.js websocket module. #cybersecurity#cybersecurity,#vulnerability https://t.co/YsJNWRIAaH https://t.co/7tXkpTem09

    @CveFindCom

    14 Jan 2025

    152 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  28. CVE-2024-55591 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 throug… https://t.co/YEBW2HJnok

    @CVEnew

    14 Jan 2025

    247 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes