Zero-day Vulnerability in Fortinet FortiGate firewalls

Tags: தமிழ். Risk Level: High.

Components Affected

  • FortiOS 7.0.0 through 7.0.16
  • FortiProxy 7.0.0 through 7.0.19
  • FortiProxy 7.2.0 through 7.2.12

Overview

A new authentication bypass zero-day vulnerability was identified in FortiOS and FortiProxy that can be used to exploit Fortinet firewalls and breach enterprise networks. Threat actors are leveraging exposed management interfaces to gain unauthorized administrative access, modify configurations, extract credentials, and move laterally within networks.

Description

An Authentication Bypass vulnerability (CVE-2024-55591) affecting FortiOS and FortiProxy could allow a remote attacker to gain super-admin privileges by sending crafted requests to the Node.js WebSocket module. Threat actors have weaponized this vulnerability to perform malicious actions, including creating admin and local user accounts, setting up new user groups or adding newly created local users to existing SSL VPN user groups, and modifying firewall policies.

Impact

  • Authentication bypass.
  • Unauthorized code or commands Execution.
  • Privilege escalation.
  • Critical configurations modification

Solution/ Workarounds

Apply the following fixes provided by the vendor.

  • Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor: https://fortiguard.fortinet.com/psirt/FG-IR-24-535
  • Disable Public Management Interface Access Immediately – Restrict management interfaces to internal networks
  • Enable Multi-Factor Authentication (MFA) – Strengthen login security.
  • Monitor for Anomalous Activity – Look for unusual admin logins or unauthorized configuration changes.

Reference

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.