Severity Level: Critical
Title:
Fortinet Zero-day Vulnerability Exploited
Summary:
A critical security vulnerability affecting Fortinet’s FortiOS and FortiProxy systems has been actively exploited in the wild, allowing attackers to gain super-admin privileges.
The flaw, tracked as CVE-2024-55591, is an authentication bypass vulnerability that leverages crafted requests to the Node.js WebSocket module. It has been assigned a CVSS score of 9.3, highlighting its severity.
The vulnerability impacts FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 as well as 7.2.0 through 7.2.12.
Exploitation allows remote attackers to bypass authentication, obtain super-admin privileges, and execute unauthorized commands on affected devices without user interaction.
Fortinet confirmed the exploitation of this zero-day vulnerability after cybersecurity researchers from Arctic Wolf observed mass exploitation campaigns targeting publicly exposed Fortinet firewalls since November 2024.
Fortinet has released patches to address the vulnerability:
- FortiOS: Upgrade to version 7.0.17 or higher.
- FortiProxy: Upgrade to version 7.2.13 or higher or 7.0.20 or higher.
Recommendations:
- Apply updates promptly using their upgrade tool.
- Monitor logs for IoCs.
- Restrict management interface access using local-in policies or trusthost configurations.
References:
click here