About the Vulnerability

Introduction

FortiOS is a high-quality network security operating system developed by Fortinet. This operating system employs advanced technology and design to provide users with reliable network security solutions. FortiOS features a variety of functions, such as attack protection, traffic management, and VPN connections, which can meet users' diverse network security needs. Additionally, FortiOS has a user-friendly interface and easy-to-manage features, helping users easily manage and monitor the status and performance of network security. FortiOS is suitable for various enterprises and organizations, offering efficient network security protection.

Summary

On January 15, 2025, Sangfor FarSight Labs received notification that a Fortinet-Fortios component contains information of authentication bypass vulnerability(CVE-2024-55591), classified as critical in threat level.

FortiOS and FortiProxy contain an authentication bypass vulnerability that utilizes an alternate path or channel. Unauthorized attackers can gain super administrator privileges by forging requests to the Node.js websocket module.

Affected Versions

7.0.0 ≤ FortiOS < 7.0.16

7.2.0 ≤ FortiProxy < 7.2.13

7.0.0 ≤ FortiProxy < 7.0.20

Solutions

Remediation Solutions

Official Solution

The latest versions have officially been released to fix the vulnerability. Affected users are recommended to update the server to the following versions:

FortiOS 7.0.17

FortiProxy 7.2.13

FortiProxy 7.0.20

Download link:

https://docs.fortinet.com/upgrade-tool/fortigate

Temporary Solution

  1. Disable the HTTP/HTTPS management interface or restrict access using local policies. For detailed operation procedures, see: https://fortiguard.fortinet.com/psirt/FG-IR-24-535
  2. Monitor logs and regularly check abnormal activities in the system logs, including unusual login attempts and configuration changes
  3. Use strong passwords and implement multi-factor authentication (MFA), and restrict management access to trusted IP ranges.

Timeline

On January 15, 2025, Sangfor FarSight Labs received notification of FortiOS and FortiProxy Authentication Bypass Vulnerability.

On January 15, 2025, Sangfor FarSight Labs released a vulnerability alert.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

https://securityonline.info/active-exploitation-of-cve-2024-55591-cvss-9-6-fortios-and-fortiproxy-under-threat/

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Name
Email Address
Business Phone Number
Tell us about your project requirements

Related Articles

CVE-2024-47908: Ivanti CSA Remote Command Execution Vulnerability

Date : 13 Feb 2025
Read Now

Roundup of Microsoft Patch Tuesday (January 2024)

Date : 16 Jan 2025
Read Now

CVE-2025-0282: Ivanti Connect Secure, Policy Secure & ZTA Gateways Buffer Overflow Vulnerability

Date : 09 Jan 2025
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall
Platform-X
Sangfor Access Secure - A SASE Solution