About the Vulnerability
Introduction
FortiOS is the network security operating system developed by Fortinet. It provides attack protection, traffic management, VPN connectivity and related functions for enterprises and organizations, together with a management interface for configuring and monitoring the status and performance of the device.
Summary
On January 15, 2025, Sangfor FarSight Labs received notification of an authentication bypass vulnerability in the Fortinet FortiOS component (CVE-2024-55591), rated critical in threat level.
FortiOS and FortiProxy contain an authentication bypass vulnerability via an alternate path or channel. Unauthenticated attackers can gain super administrator privileges by sending forged requests to the Node.js websocket module.
Affected Versions
7.0.0 ≤ FortiOS < 7.0.16
7.2.0 ≤ FortiProxy < 7.2.13
7.0.0 ≤ FortiProxy < 7.0.20
Solutions
Remediation Solutions
Official Solution
Fortinet has released fixed versions for this vulnerability. Affected users are advised to upgrade to the following versions or later:
FortiOS 7.0.17
FortiProxy 7.2.13
FortiProxy 7.0.20
Download link:
https://docs.fortinet.com/upgrade-tool/fortigate
Temporary Solution
- Disable the HTTP/HTTPS administrative interface, or restrict access to it with local-in policies. For detailed procedures, see: https://fortiguard.fortinet.com/psirt/FG-IR-24-535
- Monitor system logs regularly for abnormal activity, including unusual login attempts and configuration changes.
- Use strong passwords, enable multi-factor authentication (MFA), and restrict administrative access to trusted IP ranges.
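As an added example (not part of the Sangfor advisory or of Fortinet's own tooling), the following Python script applies the monitoring advice above to constructed sample lines written in the FortiOS key=value event-log style: it flags successful admin logins from outside the assumed trusted management ranges, failed admin logins, and configuration changes that touch administrator accounts or originate from untrusted sources. The sample log lines, the trusted ranges and the field names are assumptions for illustration, not indicators taken from a real device.

```python
import ipaddress
import re

# Assumed trusted management ranges; adjust to your own environment.
TRUSTED_MGMT = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample lines approximating FortiOS key=value event logs
# (not captured from a real device). 203.0.113.0/24 and 198.51.100.0/24
# are documentation ranges standing in for untrusted Internet sources.
SAMPLE_LOGS = """\
date=2025-01-15 time=08:01:12 type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" srcip=192.168.1.10 action="login" status="success"
date=2025-01-15 time=08:05:47 type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" srcip=203.0.113.77 action="login" status="success"
date=2025-01-15 time=08:06:03 type="event" subtype="system" level="information" logdesc="Object attribute configured" user="admin" srcip=203.0.113.77 cfgpath="system.admin" cfgattr="accprofile[super_admin]"
date=2025-01-15 time=08:10:30 type="event" subtype="system" level="warning" logdesc="Admin login failed" user="root" srcip=198.51.100.5 action="login" status="failed"
"""

# key=value pairs; values are either double-quoted or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict of field -> value."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def is_trusted(ip):
    """True when the source address lies inside an allowed management range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_MGMT)


def find_suspicious(text):
    """Return (kind, time, user, srcip) tuples for events worth reviewing."""
    findings = []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev.get("type") != "event" or ev.get("subtype") != "system":
            continue
        src = ev.get("srcip", "")
        untrusted = bool(src) and not is_trusted(src)
        if ev.get("action") == "login":
            if ev.get("status") == "success" and untrusted:
                findings.append(("admin_login_untrusted_src", ev["time"], ev.get("user"), src))
            elif ev.get("status") == "failed":
                findings.append(("admin_login_failed", ev["time"], ev.get("user"), src))
        elif "cfgpath" in ev and (untrusted or ev["cfgpath"].startswith("system.admin")):
            # Admin-account changes are reviewed regardless of source.
            findings.append(("admin_config_change", ev["time"], ev.get("user"), src))
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOGS):
        print(*f)
```

On the sample input the trusted login at 08:01:12 is ignored, and the three later events are reported for review.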
Timeline
On January 15, 2025, Sangfor FarSight Labs received notification of FortiOS and FortiProxy Authentication Bypass Vulnerability.
On January 15, 2025, Sangfor FarSight Labs released a vulnerability alert.