Fortinet products: Authentication Bypass Using an Alternate Path or Channel (CVE-2024-55591) #shorts

Summary

In this episode, we tackle the critical zero-day vulnerability identified as CVE-2024-55591. This vulnerability affects Fortinet's FortiOS and FortiProxy systems and is currently being actively exploited in the wild. Join us to understand the scope and impact of this critical security issue, how attackers utilize this flaw, and the steps that can be taken to mitigate these threats.

Product details

The CVE-2024-55591 affects Fortinet's FortiOS and FortiProxy products. Specifically, it impacts FortiOS versions 7.0.0 through 7.0.16, and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. Fortinet has long been a trusted provider of cybersecurity solutions and networking systems, and these products are widely used to secure networks across many organizations worldwide.

Vulnerability type summary

The vulnerability type for CVE-2024-55591 is an Authentication Bypass Using an Alternate Path or Channel, categorized under CWE-288. This allows unauthorized execution of commands or code, enabling attackers to gain super-admin privileges on affected systems.

Details of the vulnerability

CVE-2024-55591 exploits an issue in the Requests Handler component of FortiOS and FortiProxy, specifically through crafted requests to the Node.js websocket module. This zero-day vulnerability has been actively exploited since late 2024, allowing remote attackers to gain unauthorized super-admin access. The exploitation has led to widespread compromises of Fortinet FortiGate devices, with reports of over 48,000 vulnerable firewalls remaining exposed despite available patches.

Conclusion

With CVE-2024-55591 being added to CISA's Known Exploited Vulnerabilities catalog, it's imperative for organizations using FortiOS and FortiProxy to update their systems immediately. As Fortinet has released patches, swift action is necessary to close the gap in systems security, thereby preventing potential exploitation and mitigating the risk of unauthorized access. Stay tuned for more updates on this and other vulnerabilities in future episodes.

Watch the full video on YouTube: CVE-2024-55591

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2024-55591
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Provider
fortinet
CWE / problem types
Execute unauthorized code or commands
Affected Software Versions
Fortinet:FortiOS:[{'versionType': 'semver', 'version': '7.0.0', 'lessThanOrEqual': '7.0.16', 'status': 'affected'}],Fortinet:FortiProxy:[{'versionType': 'semver', 'version': '7.2.0', 'lessThanOrEqual': '7.2.12', 'status': 'affected'}, {'versionType': 'semver', 'version': '7.0.0', 'lessThanOrEqual': '7.0.19', 'status': 'affected'}]
Date Published
2025-01-14T14:08:34.207Z
Last Updated
2025-01-23T04:55:42.893Z