Components Affected
Overview
A new authentication bypass zero-day vulnerability was identified in FortiOS and FortiProxy that can be used to exploit Fortinet firewalls and breach enterprise networks. Threat actors are leveraging exposed management interfaces to gain unauthorized administrative access, modify configurations, extract credentials, and move laterally within networks.
Description
An Authentication Bypass vulnerability (CVE-2024-55591) affecting FortiOS and FortiProxy could allow a remote attacker to gain super-admin privileges by sending crafted requests to the Node.js WebSocket module. Threat actors have weaponized this vulnerability to perform malicious actions, including creating admin and local user accounts, setting up new user groups or adding newly created local users to existing SSL VPN user groups, and modifying firewall policies.
Impact
Solution/ Workarounds
Apply the following fixes provided by the vendor.
Reference
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.