CVE-2024-55591
Fortinet FortiOS Authorization Bypass Vulnerability - [Actively Exploited]
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
INFO
Published Date :
Jan. 14, 2025, 2:15 p.m.
Last Modified :
Jan. 23, 2025, 2 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Fortinet FortiOS contains an authorization bypass vulnerability that may allow an unauthenticated remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55591
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 3.1 | CRITICAL | [email protected] |
Solution
- For 7.0.x, upgrade to Fortigate version 7.0.17 or later.
Public PoC/Exploit Available at Github
CVE-2024-55591 has a 22 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-55591.
| URL | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-24-535 | Mitigation Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-55591 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-55591
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
CVE POC repo 자동 수집기
Python
None
Python
None
Python
None
HTML Python Shell
None
#PoC for CVE-2024-55591 Authentication bypass Affects: FortiOS 7.0.0 to 7.0.16 , FortiProxy 7.0.0 to 7.0.19 ,FortiProxy 7.2.0 to 7.2.12
Python
A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices.
attack-surface automated firewall fortinet poc wizard cve-2024-55591
Python
FortiGate Config Leak Checker
cybersecurity fortigate leak
CSS JavaScript HTML
None
Python
CVE-2024-55591 Opening CMD (Command Line Interface), Creating a Superuser, and Managing VPN Groups
Python
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Python
Private CVE-2024-55591
None
None
Python
Checks for authentication bypass vulnerability inFortinet's FortiOS, potentially exploited by remote attackers.
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-55591 vulnerability anywhere in the article.
-
BleepingComputer
The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025
Summer 2025 wasn't just hot; it was relentless. Ransomware hammered hospitals, retail giants suffered data breaches, insurance firms were hit by phishing, and nation-state actors launched disruptive c ... Read more
-
CybersecurityNews
New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities
A sophisticated cyber espionage campaign has emerged targeting Japanese organizations through critical vulnerabilities in Ivanti Connect Secure and FortiGate VPN devices. The attack campaign, observed ... Read more
-
The Hacker News
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access ... Read more
-
Cyber Security News
Hackers Actively Exploiting Fortigate Vulnerabilities to Deploy Qilin Ransomware
A new wave of cyberattacks has emerged targeting critical infrastructure through the exploitation of Fortigate security appliance vulnerabilities, with threat actors successfully deploying the notorio ... Read more
-
BleepingComputer
Critical Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qili ... Read more
-
Help Net Security
44% of the zero-days exploited in 2024 were in enterprise solutions
In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities ... Read more
-
The Hacker News
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Vulnerability / Threat Intelligence Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated wi ... Read more
-
Daily CyberSecurity
China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign
A recent report by TeamT5 has uncovered a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN appliances. The report details how a China-nexus Advanced Persistent Threat (APT) grou ... Read more
-
Cyber Security News
Hackers Allegedly Selling FortiGate Firewall 0-Day Exploit on Dark Web Forum
A threat actor has reportedly advertised a zero-day exploit targeting Fortinet’s FortiGate firewalls on a prominent dark web forum. The exploit claims to enable unauthenticated remote code execution ( ... Read more
-
BleepingComputer
Critical FortiSwitch flaw lets hackers change admin passwords remotely
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the ... Read more
-
security.nl
Fortinet maakt kritiek firewall-lek maand na uitkomen update bekend
Fortinet heeft een kritieke kwetsbaarheid in de firewalls en vpn-oplossingen die het biedt een maand na het uitkomen van de beveiligingsupdate bekendgemaakt. Via het beveiligingslek (CVE-2025-24472) i ... Read more
-
BleepingComputer
Fortinet warns of new zero-day exploited to hijack firewalls
Fortinet warned today that attackers are exploiting another now-patched zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. Successful exploitation of t ... Read more
-
BleepingComputer
Fortinet discloses second firewall auth bypass patched in January
Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January. Furthe ... Read more
-
TheCyberThrone
TheCyberThrone Security Weekly Review – February 01, 2025
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, February 01, 2025.Cyber Incidents at Tat ... Read more
-
TheCyberThrone
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – January 2025
Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending January 2025Subscribers favorite #1Exploit Code ... Read more
-
TheCyberThrone
VMware Aria Vulnerabilities Addressed
VMware Security Advisory VMSA-2025-0003 addresses multiple vulnerabilities identified in VMware Aria Operations for Logs and VMware Aria Operations. These vulnerabilities, if exploited, could allow at ... Read more
-
TheCyberThrone
PHP Voyager flaws lead to RCE
Three critical vulnerabilities have been disclosed in the open-source PHP package Voyager, a widely used tool for managing Laravel applications. These vulnerabilities, identified as CVE-2024-55417, CV ... Read more
-
TheCyberThrone
CVE-2024-55591 Exploit Code Released for FortiOS Flaw
Cybersecurity company watchTowr Labs has released the proof-of-concept (PoC) exploit code for a severe zero-day vulnerability, CVE-2024-55591, affecting Fortinet’s FortiOS and FortiProxy products. Thi ... Read more
-
Dark Reading
Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges
Source: Lutsenko via Oleksandr via ShutterstockFortinet has patched an actively exploited zero-day authentication bypass flaw affecting its FortiOS and FortiProxy products, which attackers have been e ... Read more
-
Help Net Security
Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last week’s confirmation of an ... Read more
The following table lists the changes that have been made to the
CVE-2024-55591 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Jan. 23, 2025
Action Type Old Value New Value Changed Vulnerability Name Fortinet FortiOS Authorization Bypass Vulnerability Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability -
Initial Analysis by [email protected]
Jan. 15, 2025
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE NIST NVD-CWE-Other Added CPE Configuration OR *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.20 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (excluding) 7.2.13 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.17 Changed Reference Type https://fortiguard.fortinet.com/psirt/FG-IR-24-535 No Types Assigned https://fortiguard.fortinet.com/psirt/FG-IR-24-535 Mitigation, Vendor Advisory -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Jan. 15, 2025
Action Type Old Value New Value Added Date Added 2025-01-14 Added Due Date 2025-01-21 Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Fortinet FortiOS Authorization Bypass Vulnerability -
New CVE Received by [email protected]
Jan. 14, 2025
Action Type Old Value New Value Added Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-288 Added Reference https://fortiguard.fortinet.com/psirt/FG-IR-24-535