CVE-2024-55591
In short
FortiOS and FortiProxy devices can be taken over by attackers who send specially crafted requests to a websocket component, bypassing normal login protections and gaining full administrative control without credentials.
Technical detail
Authentication bypass in FortiOS 7.0.0–7.0.16 and FortiProxy 7.0.0–7.0.19 and 7.2.0–7.2.12 via an alternative websocket authentication channel in a Node.js module. A remote, unauthenticated attacker can escalate to super-admin privileges through crafted requests; network access to the management interface is the only requirement.
Summary generated and translated by AI from the official description.
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C
Public PoCs found: 8
- github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 (★ 77)
- github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591 (★ 66)
- github.com/sysirq/fortios-auth-bypass-poc-CVE-2024-55591 (★ 26)
- github.com/exfil0/CVE-2024-55591-POC (★ 11)
- github.com/virus-or-not/CVE-2024-55591 (★ 8)
- github.com/sysirq/fortios-auth-bypass-exploit-CVE-2024-55591 (★ 3)
- github.com/UMChacker/CVE-2024-55591-POC (★ 2)
- github.com/0x7556/CVE-2024-55591 (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →