CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-55591

CVSS 9.8v3.1pub. 2025-01-14upd. 2025-10-24

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet FortiOS

    OS
    Fortinet
    7.0.0 – 7.0.17 (bez)
  • Fortinet Fortiproxy

    APP
    Fortinet
    7.0.0 – 7.0.20 (bez)7.2.0 – 7.2.13 (bez)

CISA KEV — detailsi

Vendori
Fortinet
Producti
FortiOS and FortiProxy
Added to KEVi
January 14, 2025
Remediation deadline (US Federal)i
January 21, 2025(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 21 stycznia 2025
Tags
Auth BypassFirewall
CWE
References

Related vulnerabilities

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML

CVE-2024-23113CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager

CVE-2024-21762CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Out-of-bounds write w Fortinet FortiOS i FortiProxy — RCE bez uwierzytelnienia

CVE-2023-27997CRITICAL9.8⚠ KEVten sam produkt

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and be...