PT-2025-1051 · Fortinet · FortiProxy +1

Published: 2025-01-14 · Updated: 2026-03-20 · CVE-2024-55591

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiOS versions 7.0.0 through 7.0.16
FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12

Description

An authentication bypass vulnerability in FortiOS and FortiProxy allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. This issue has been actively exploited in the wild since November 2024, with nearly 50,000 Fortinet firewall devices remaining exposed to the vulnerability as of January 22, 2025. Attackers can use this vulnerability to create administrative accounts, modify device settings, and gain access to internal systems.

Recommendations

FortiOS versions 7.0.0 through 7.0.16: upgrade to version 7.0.17 or later.
FortiProxy versions 7.0.0 through 7.0.19: upgrade to version 7.0.20 or later.
FortiProxy versions 7.2.0 through 7.2.12: upgrade to version 7.2.13 or later.
As a temporary workaround until the upgrade is applied, restrict or disable the administrative HTTP/HTTPS interfaces to minimize the risk of exploitation.
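The following checker is an added example, not part of this advisory or of any Fortinet tooling: it encodes the affected ranges and fixed releases listed above and flags devices in an exported inventory that still need the upgrade. The inventory rows, hostnames and build strings are constructed for illustration.

```python
# (first affected, last affected, first fixed) per product, exactly as the
# advisory lists them; branches the advisory does not mention are not covered.
AFFECTED_RANGES = {
    "FortiOS":    [((7, 0, 0), (7, 0, 16), (7, 0, 17))],
    "FortiProxy": [((7, 0, 0), (7, 0, 19), (7, 0, 20)),
                   ((7, 2, 0), (7, 2, 12), (7, 2, 13))],
}

def parse_version(text):
    """Accepts '7.0.16', 'v7.0.16' or '7.0.16 build0667'; returns (7, 0, 16)."""
    parts = text.strip().lstrip("vV").split()[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def fixed_version_for(product, version):
    """First fixed release if (product, version) lies in an affected range,
    else None; unknown products raise rather than reading as 'safe'."""
    if product not in AFFECTED_RANGES:
        raise KeyError(f"no advisory data for product {product!r}")
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES[product]:
        if first <= v <= last:  # tuple comparison is lexicographic
            return ".".join(map(str, fixed))
    return None

def triage(inventory):
    """inventory rows are (hostname, product, version); returns
    (hostname, 'upgrade to <fixed> or later') for every affected device."""
    findings = []
    for host, product, version in inventory:
        fixed = fixed_version_for(product, version)
        if fixed is not None:
            findings.append((host, f"upgrade to {fixed} or later"))
    return findings

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS",    "v7.0.12 build0523"),
    ("fw-edge-02", "FortiOS",    "7.0.17"),
    ("px-dmz-01",  "FortiProxy", "7.2.12"),
    ("px-dmz-02",  "FortiProxy", "7.2.13"),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2024-55591, {action}")
```

Releases on branches the advisory does not list (for example FortiOS 7.2.x) come back as not affected by this check only because the advisory gives no data for them, so treat such rows as unknown rather than patched.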

Tags: Exploit · Fix · RCE

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2025-00281
CVE-2024-55591
FORTINET_CVE2024_55591

Affected Products

FortiOS
FortiProxy