⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2025-01-21.

CVE-2024-55591Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortios

CWE-288Authentication Bypass Using an Alternate Path or Channel14 documents11 sources
Severity
9.8CRITICALNVD
EPSS
94.2%
top 0.08%
CISA KEV
KEVRansomware
Added 2025-01-14
Due 2025-01-21
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Fortinet FortiosFortinet Fortiproxy
Timeline
PublishedJan 14
KEV addedJan 14
KEV dueJan 21
Latest updateMar 13
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDfortinet/fortios7.0.07.0.17
NVDfortinet/fortiproxy7.0.07.0.20+1
CVEListV5fortinet/fortios7.0.07.0.16
CVEListV5fortinet/fortiproxy7.2.07.2.12+1

🔴Vulnerability Details

3
GHSA
GHSA-v4mr-pqhx-vpm2: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 72025-01-14
CVEList
CVE-2024-55591: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 72025-01-14
VulnCheck
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability2024

💥Exploits & PoCs

1
Nuclei
Fortinet - Authentication Bypass

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Fortinet Authentication Bypass via Node.js Websocket (CVE-2024-55591)2025-01-16

📋Vendor Advisories

2
Fortinet
Authentication bypass in Node.js websocket module and CSF requests2025-01-14
CISA
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability2025-01-14

🕵️Threat Intelligence

5
Bleepingcomputer
New SuperBlack ransomware exploits Fortinet auth bypass flaws2025-03-13
Bleepingcomputer
Fortinet discloses second firewall auth bypass patched in January2025-02-11
Bleepingcomputer
Fortinet warns of auth bypass zero-day exploited to hijack firewalls2025-01-14
Threat Intel
Mora_001
Threat Intel
Belsen Group
CVE-2024-55591 — Fortinet Fortios vulnerability | cvebase