Known Exploited Vulnerability
9.8
CRITICAL CVSS 3.1
CVE-2024-55591
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability - [Actively Exploited]
Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

INFO

Published Date :

Jan. 14, 2025, 2:15 p.m.

Last Modified :

Oct. 24, 2025, 12:54 p.m.

Remotely Exploitable :

Yes
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Known Detected Feb 26, 2026

Notes :

https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55591

Affected Products

The following products are affected by the CVE-2024-55591 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product Action
1 Fortinet fortios
2 Fortinet fortiproxy
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 CRITICAL [email protected]
Solution
Update FortiOS and FortiProxy to patched versions to prevent authentication bypass and privilege escalation.
  • Update FortiOS to a version later than 7.0.16.
  • Update FortiProxy to a version later than 7.0.19 or 7.2.12.
  • Apply vendor patches for Node.js websocket module.
Public PoC/Exploit Available at Github

CVE-2024-55591 has 47 public PoCs/exploits available on GitHub.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-55591.

URL Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-535 Mitigation Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-55591 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-55591 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by most recently updated).

Autonomous AI-powered Active Directory pentesting framework — 63 agents, 55+ CVEs, Mimikatz/Certipy/hashcat tool chain, BloodHound-style BFS graph, MITRE ATT&CK mapping (132 IDs), real-time dashboard.

Dockerfile Python HTML

Updated: 4 days, 5 hours ago
0 stars 1 fork 1 watcher
Created: May 26, 2026, 3:04 a.m. This repo has also been linked to 42 different CVEs.

Search exploits, vulnerabilities, and threat intelligence from the Exploit Intelligence Platform.

cve database exploit vulnerability

Makefile Python

Updated: 1 week, 2 days ago
0 stars 0 forks 0 watchers
Created: May 21, 2026, 8:41 p.m. This repo has also been linked to 20 different CVEs.

Search exploits, vulnerabilities, and threat intelligence from the Exploit Intelligence Platform.

cve database exploit vulnerability

Makefile Python Dockerfile Shell

Updated: 1 week, 4 days ago
0 stars 0 forks 0 watchers
Created: May 19, 2026, 11:46 p.m. This repo has also been linked to 20 different CVEs.

Exploit Intelligence Platform MCP Server

cve database exploit mcp-server vulnerability

Makefile Python Dockerfile Shell

Updated: 1 week, 2 days ago
0 stars 0 forks 0 watchers
Created: May 19, 2026, 11:42 p.m. This repo has also been linked to 31 different CVEs.

Exploit Intelligence Platform MCP Server

Shell Python Makefile Dockerfile

Updated: 1 week, 5 days ago
0 stars 0 forks 0 watchers
Created: May 19, 2026, 2:06 a.m. This repo has also been linked to 31 different CVEs.

None

Python HTML

Updated: 1 week, 3 days ago
0 stars 0 forks 0 watchers
Created: May 18, 2026, 6:49 p.m. This repo has also been linked to 5 different CVEs.

None

Python CSS TypeScript JavaScript Dockerfile

Updated: 1 week, 5 days ago
0 stars 0 forks 0 watchers
Created: May 17, 2026, 11:04 p.m. This repo has also been linked to 3 different CVEs.

FortiGate & FortiWeb Multi-Exploit Extractor v3.0 A powerful vulnerability scanner for FortiGate and FortiWeb that supports several known CVEs and credential extraction.

Go

Updated: 2 weeks, 2 days ago
0 stars 0 forks 0 watchers
Created: May 14, 2026, 2:07 p.m. This repo has also been linked to 8 different CVEs.

None

Python

Updated: 2 weeks, 3 days ago
0 stars 0 forks 0 watchers
Created: May 9, 2026, 12:24 a.m. This repo has also been linked to 6 different CVEs.

EREBUS: Qt6 penetration testing framework with 12+ CVE exploits, network reconnaissance with interactive visualization, SSH bruteforce, HTTP fuzzing, SSL/TLS analysis, SMB/SNMP enumeration. Features real-time plugin marketplace, SQLite storage, invite-based auth system, and modular architecture for dynamic plugins.

Updated: 1 month ago
0 stars 0 forks 0 watchers
Created: April 29, 2026, 7:19 p.m. This repo has also been linked to 12 different CVEs.

RHEL 8 agentless network asset scanner for CMDB — OS, CVEs, SSL, SMB, applications (Log4j, VMware, Citrix, Exchange, Fortinet, Commvault, F5)

Python

Updated: 2 months ago
1 star 0 forks 0 watchers
Created: March 25, 2026, 11:33 a.m. This repo has also been linked to 12 different CVEs.

A python based passive and active security scanner

Python HTML

Updated: 1 month, 4 weeks ago
1 star 0 forks 0 watchers
Created: March 14, 2026, 6:13 p.m. This repo has also been linked to 8 different CVEs.

Distributed honeypot intelligence platform with LLM-powered adaptive deception, RL engagement scoring, automated SIEM rule generation (Suricata/Sigma/YARA), ML anomaly detection, and C2/covert channel detection. 55M+ events from 22K+ IPs across 122 countries. Rules auto-synced every 6h.

Shell Dockerfile Python YARA

Updated: 1 month, 1 week ago
1 star 0 forks 0 watchers
Created: March 11, 2026, 2:22 p.m. This repo has also been linked to 34 different CVEs.

SENTINEL SOC is a professional-grade Security Operations Center (SOC) dashboard that simulates real-world threat detection, investigation, and response workflows. Built with React and Recharts, it features live alert monitoring, interactive investigation playbooks with terminal-style execution, global attack maps, real-time CVE intelligence🔒.

ctf cve cyber-defense cybersecurity dashboard edr incident-response leaflet playbooks react recharts security-analytics security-operations-center security-simulator security-training siem soc threat-hunting threat-intelligence vulnerability-management

Shell HTML JavaScript

Updated: 2 months, 3 weeks ago
1 star 0 forks 0 watchers
Created: March 9, 2026, 2:03 a.m. This repo has also been linked to 6 different CVEs.

Exploit Intelligence Platform MCP Server

cve database exploit vulnerability mcp-server

Makefile Python Dockerfile Shell

Updated: 1 week, 5 days ago
2 stars 0 forks 0 watchers
Created: Feb. 24, 2026, 10:03 p.m. This repo has also been linked to 31 different CVEs.

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention the CVE-2024-55591 vulnerability anywhere in the article.

  • CybersecurityNews
Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial Access

Russian state-sponsored threat groups significantly stepped up their cyber operations in 2025, using a range of methods to break into targeted systems. From exploiting remote desktop tools and virtual ...

Published Date: May 22, 2026 (1 week, 1 day ago)
  • Huntress
The Gentleman Ransomware | Defense Evasion TTPs Uncovered | Huntress

Acknowledgments: Huntress wishes to recognize the contributions of SOC analysts Nick Roddy and Dani Lopez for their investigations and analysis into these incidents. The Huntress SOC recently came acr ...

Published Date: May 21, 2026 (1 week, 2 days ago)
  • CybersecurityNews
The Gentlemen RaaS Leverages Fortinet and Cisco Edge Devices for Initial Access

A ransomware group that only surfaced in mid-2025 has already made a significant mark on the threat landscape. The Gentlemen, a ransomware-as-a-service (RaaS) operation, has quickly risen to become on ...

Published Date: May 14, 2026 (2 weeks, 2 days ago)
  • AttackIQ
Emulating the Persuasive NightSpire Ransomware

Overview NightSpire is a financially motivated ransomware and data extortion group that emerged in early 2025. Initially operating as a closed, self-managed group, it conducted intrusions end-to-end w ...

Published Date: Apr 14, 2026 (1 month, 2 weeks ago)
  • The Hacker News
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but ...

Published Date: Mar 19, 2026 (2 months, 1 week ago)
  • Google Cloud
Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape

Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark Introduction Since 2018, when many financially motivated threat actors began shifting their monetization strategy ...

Published Date: Mar 16, 2026 (2 months, 2 weeks ago)
  • Daily CyberSecurity
Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors

A critical security flaw in a widely used enterprise access platform is under active attack, prompting urgent warnings from cybersecurity researchers and federal agencies alike. According to a new thr ...

Published Date: Feb 23, 2026 (3 months, 1 week ago)
  • CybersecurityNews
Ransomware Attack 2025 Recap – From Critical Data Extortion to Operational Disruption

The ransomware landscape in 2025 has reached new heights, evolving from a cybersecurity issue into a strategic threat to national security and global economic stability. This year saw a 34%-50% surge ...

Published Date: Dec 19, 2025 (5 months, 1 week ago)
  • Daily CyberSecurity
Crypto Crisis: UPBIT Hacked for $369 Million in Solana-Based Tokens

South Korea’s largest cryptocurrency exchange, UPBIT, has suffered a major cyberattack. According to an official announcement from the exchange, digital assets worth 54 billion KRW (approximately USD ...

Published Date: Nov 27, 2025 (6 months ago)
  • Kaspersky
IT threat evolution in Q2 2025. Non-mobile statistics

IT threat evolution in Q2 2025. Non-mobile statistics IT threat evolution in Q2 2025. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unl ...

Published Date: Sep 05, 2025 (8 months, 3 weeks ago)
  • BleepingComputer
Nissan confirms design studio data breach claimed by Qilin ransomware

Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI). This came in response to th ...

Published Date: Aug 26, 2025 (9 months ago)
  • BleepingComputer
The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025

Summer 2025 wasn't just hot; it was relentless. Ransomware hammered hospitals, retail giants suffered data breaches, insurance firms were hit by phishing, and nation-state actors launched disruptive c ...

Published Date: Aug 05, 2025 (9 months, 3 weeks ago)
  • CybersecurityNews
New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities

A sophisticated cyber espionage campaign has emerged targeting Japanese organizations through critical vulnerabilities in Ivanti Connect Secure and FortiGate VPN devices. The attack campaign, observed ...

Published Date: Jul 16, 2025 (10 months, 2 weeks ago)
  • The Hacker News
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access ...

Published Date: Jun 11, 2025 (11 months, 2 weeks ago)
  • Cyber Security News
Hackers Actively Exploiting Fortigate Vulnerabilities to Deploy Qilin Ransomware

A new wave of cyberattacks has emerged targeting critical infrastructure through the exploitation of Fortigate security appliance vulnerabilities, with threat actors successfully deploying the notorio ...

Published Date: Jun 09, 2025 (11 months, 3 weeks ago)
  • BleepingComputer
Critical Fortinet flaws now exploited in Qilin ransomware attacks

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qili ...

Published Date: Jun 06, 2025 (11 months, 3 weeks ago)
  • Help Net Security
44% of the zero-days exploited in 2024 were in enterprise solutions

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities ...

Published Date: Apr 29, 2025 (1 year, 1 month ago)
  • The Hacker News
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Vulnerability / Threat Intelligence Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated wi ...

Published Date: Apr 21, 2025 (1 year, 1 month ago)
  • Daily CyberSecurity
China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign

A recent report by TeamT5 has uncovered a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN appliances. The report details how a China-nexus Advanced Persistent Threat (APT) grou ...

Published Date: Apr 15, 2025 (1 year, 1 month ago)
  • Cyber Security News
Hackers Allegedly Selling FortiGate Firewall 0-Day Exploit on Dark Web Forum

A threat actor has reportedly advertised a zero-day exploit targeting Fortinet’s FortiGate firewalls on a prominent dark web forum. The exploit claims to enable unauthenticated remote code execution ( ...

Published Date: Apr 14, 2025 (1 year, 1 month ago)

The following table lists the changes that have been made to the CVE-2024-55591 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Oct. 24, 2025

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jan. 23, 2025

    Action Type Old Value New Value
    Changed Vulnerability Name Fortinet FortiOS Authorization Bypass Vulnerability Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
  • Initial Analysis by [email protected]

    Jan. 15, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE NIST NVD-CWE-Other
    Added CPE Configuration OR
      *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.20
      *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (excluding) 7.2.13
      *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.17
    Changed Reference Type https://fortiguard.fortinet.com/psirt/FG-IR-24-535 No Types Assigned https://fortiguard.fortinet.com/psirt/FG-IR-24-535 Mitigation, Vendor Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jan. 15, 2025

    Action Type Old Value New Value
    Added Date Added 2025-01-14
    Added Due Date 2025-01-21
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Fortinet FortiOS Authorization Bypass Vulnerability
  • New CVE Received by [email protected]

    Jan. 14, 2025

    Action Type Old Value New Value
    Added Description An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-288
    Added Reference https://fortiguard.fortinet.com/psirt/FG-IR-24-535
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.