SUMMARY

On January 14th, Fortinet released a security advisory for a critical vulnerability, CVE-2024-55591. This Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affects FortiOS and FortiProxy and may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

NOTE: Reports have shown that this vulnerability is being exploited in the wild.

SEVERITY

  • 5ironCyber considers this a CRITICAL threat.

ACTIONS

  • Review the list of affected systems in the following source: https://fortiguard.fortinet.com/psirt/FG-IR-24-535. If your systems are vulnerable, please follow the recommended upgrade path using Fortinet’s tool at: https://docs.fortinet.com/upgrade-tool
  • If your Fortinet firewalls are managed by 5ironCyber, the operations team is in the process of coordinating with clients and updating affected firewalls.

SOURCES