Tag :
Cyber Security

About the Vulnerability

Introduction

FortiOS is a high-quality network security operating system developed by Fortinet. This operating system employs advanced technology and design to provide users with reliable network security solutions. FortiOS features a variety of functions, such as attack protection, traffic management, and VPN connections, which can meet users' diverse network security needs. Additionally, FortiOS has a user-friendly interface and easy-to-manage features, helping users easily manage and monitor the status and performance of network security. FortiOS is suitable for various enterprises and organizations, offering efficient network security protection.

Summary

On January 15, 2025, Sangfor FarSight Labs received notification that a Fortinet-Fortios component contains information of authentication bypass vulnerability(CVE-2024-55591), classified as critical in threat level.

FortiOS and FortiProxy contain an authentication bypass vulnerability that utilizes an alternate path or channel. Unauthorized attackers can gain super administrator privileges by forging requests to the Node.js websocket module.

Affected Versions

7.0.0 ≤ FortiOS < 7.0.16

7.2.0 ≤ FortiProxy < 7.2.13

7.0.0 ≤ FortiProxy < 7.0.20

Solutions

Remediation Solutions

Official Solution

The latest versions have officially been released to fix the vulnerability. Affected users are recommended to update the server to the following versions:

FortiOS 7.0.17

FortiProxy 7.2.13

FortiProxy 7.0.20

Download link:

https://docs.fortinet.com/upgrade-tool/fortigate

Temporary Solution

  1. Disable the HTTP/HTTPS management interface or restrict access using local policies. For detailed operation procedures, see: https://fortiguard.fortinet.com/psirt/FG-IR-24-535
  2. Monitor logs and regularly check abnormal activities in the system logs, including unusual login attempts and configuration changes
  3. Use strong passwords and implement multi-factor authentication (MFA), and restrict management access to trusted IP ranges.

Timeline

On January 15, 2025, Sangfor FarSight Labs received notification of FortiOS and FortiProxy Authentication Bypass Vulnerability.

On January 15, 2025, Sangfor FarSight Labs released a vulnerability alert.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

https://securityonline.info/active-exploitation-of-cve-2024-55591-cvss-9-6-fortios-and-fortiproxy-under-threat/

Listen To This Post

Search

Keyword maximum 256 character

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Name
Email Address
Business Phone Number
Tell us about your project requirements

Related Articles

CVE-2024-47908: Ivanti CSA Remote Command Execution Vulnerability

Date : 13 Feb 2025
Read Now

Roundup of Microsoft Patch Tuesday (January 2024)

Date : 16 Jan 2025
Read Now

CVE-2025-0282: Ivanti Connect Secure, Policy Secure & ZTA Gateways Buffer Overflow Vulnerability

Date : 09 Jan 2025
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall
Platform-X
Sangfor Access Secure - A SASE Solution

Meet the Author

Sangfor HQ Building

Sangfor Technologies

Sangfor Technologies is a leading vendor of Cyber Security and Cloud Computing solutions. The majority of the blogs that you are seeing here are written by professionals working at Sangfor. We have a team of content writers, product managers and marketing experts who are taking care of writing articles on various topics that are relevant to our audience. Our team ensures that the articles published are factually correct and helpful to our customers and partners to know more about the recent trends on Cyber Security and Cloud, and how it can help their organizations.

  • facebook
  • twitter
  • linkedin
  • youtube
  • instagram
See Author's Detail