Known Exploited Fortinet FortiOS Vulnerabilities - 20250115005
Overview
Fortinet has identified an Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy, which may allow remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module.
What is vulnerable?
Product(s) Affected | Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
FortiOS 7.0 | 7.0.0 through 7.0.16 | CVE-2024-55591 | 9.6 | Critical |
FortiOS 7.0 | 7.0.0 through 7.0.16 | CVE-2025-24472 | 8.1 | High |
FortiProxy 7.0 | 7.0.0 through 7.0.19 | CVE-2024-55591 | 9.6 | Critical |
FortiProxy 7.0 | 7.0.0 through 7.0.19 | CVE-2025-24472 | 8.1 | High |
FortiProxy 7.2 | 7.2.0 through 7.2.12 | CVE-2024-55591 | 9.6 | Critical |
FortiProxy 7.2 | 7.2.0 through 7.2.12 | CVE-2025-24472 | 8.1 | High |
Recommendation
The WA SOC recommends administrators apply the vendor's solutions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):
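To decide which devices fall inside the 48-hour window, the affected ranges from the table above can be checked against a device inventory. The following is an added example, not code from the WA SOC advisory or from Fortinet; the version ranges and CVE identifiers come from the advisory, while the hostnames and inventory entries are constructed.

```python
# Added example (not from the WA SOC advisory): checks FortiOS / FortiProxy
# version strings against the affected ranges listed in the advisory table.
# Version ranges and CVEs are taken from the advisory; the sample inventory
# below (hostnames, versions) is constructed for illustration.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# (product, first affected, last affected), inclusive, per the advisory table.
AFFECTED_RANGES = [
    ("FortiOS",    (7, 0, 0), (7, 0, 16)),
    ("FortiProxy", (7, 0, 0), (7, 0, 19)),
    ("FortiProxy", (7, 2, 0), (7, 2, 12)),
]
CVES = ["CVE-2024-55591", "CVE-2025-24472"]

def parse_version(text: str) -> Version:
    """Parse 'v7.0.16' or '7.0.16' into a tuple of ints that compares correctly."""
    parts = text.strip().lstrip("vV").split(".")
    return tuple(int(part) for part in parts)

def is_affected(product: str, version: str) -> bool:
    """True when product/version lies inside one of the affected ranges."""
    v = parse_version(version)
    return any(p == product and lo <= v <= hi for p, lo, hi in AFFECTED_RANGES)

def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return the inventory entries that need patching, with the CVEs at issue."""
    hits = []
    for dev in inventory:
        if is_affected(dev["product"], dev["version"]):
            hits.append({"host": dev["host"], "product": dev["product"],
                         "version": dev["version"], "cves": CVES})
    return hits

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "fw-edge-01", "product": "FortiOS",    "version": "7.0.16"},
    {"host": "fw-edge-02", "product": "FortiOS",    "version": "7.0.17"},
    {"host": "px-web-01",  "product": "FortiProxy", "version": "v7.2.12"},
    {"host": "px-web-02",  "product": "FortiProxy", "version": "7.2.13"},
    {"host": "fw-core-01", "product": "FortiOS",    "version": "7.4.5"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_INVENTORY):
        print(f"{hit['host']}: {hit['product']} {hit['version']} "
              f"affected by {', '.join(hit['cves'])}")
```

Versions outside the listed ranges (such as the FortiOS 7.4 entry) are simply not matched; the check only reflects the ranges the advisory lists and does not claim other versions are fixed.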
Additional References
- Tenable: https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild
- ACSC: https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/fortios-fortiproxy-authentication-bypass-nodejs-websocket-module-vulnerability
- Security Affairs: https://securityaffairs.com/174117/hacking/fortinet-fortios-zero-day-exploited.html
- BleepingComputer: https://www.bleepingcomputer.com/news/security/fortinet-discloses-second-firewall-auth-bypass-patched-in-january
Change Log
- 2025-01-15 : Initial Publication
- 2025-02-12 : Added new vulnerability (CVE) disclosed by Fortinet