Known Exploited Fortinet FortiOS Vulnerabilities - 20250115005

Overview

Fortinet has identified an Authentication Bypass vulnerability using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy, which may allow remote attackers to gain super-admin privileges via crafted requests to Node.js websocket module.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
FortiOS 7.0	7.0.0 through 7.0.16	CVE-2024-55591	9.6	Critical
FortiProxy 7.0 FortiProxy 7.2	7.0.0 through 7.0.19 7.2.0 through 7.2.12	CVE-2024-55591	9.6	Critical

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• Fortinet: https://fortiguard.fortinet.com/psirt/FG-IR-24-535

Additional References

• Tenable: https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild
• ACSC: https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/fortios-fortiproxy-authentication-bypass-nodejs-websocket-module-vulnerability