CVE-2024-55591
FortiOS vulnerability analysis and mitigation

Overview

An Authentication Bypass Using an Alternate Path or Channel vulnerability (CVE-2024-55591) was discovered affecting FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. The vulnerability was disclosed on January 14, 2025, and allows remote attackers to gain super-admin privileges through crafted requests to the Node.js websocket module. The vulnerability has been assigned a critical CVSS score of 9.8 (Fortinet Advisory).

Technical details

The vulnerability (CWE-288) enables unauthenticated attackers to bypass authentication mechanisms by exploiting the Node.js websocket module through specially crafted requests. The flaw specifically affects the management interface of FortiOS and FortiProxy devices. The vulnerability received a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

Impact

Successful exploitation of this vulnerability allows attackers to gain super-admin privileges on affected systems. Observed attack patterns include creation of administrative accounts with random usernames, creation of local user accounts, modification of user groups including SSL VPN access, changes to firewall policies and addresses, and establishment of VPN tunnels to internal networks (Arctic Wolf, Fortinet Advisory).

Mitigation and workarounds

Fortinet has released patches addressing this vulnerability: FortiOS users should upgrade to version 7.0.17 or above, FortiProxy 7.2.x users should upgrade to 7.2.13 or above, and FortiProxy 7.0.x users should upgrade to 7.0.20 or above. Alternative workarounds include disabling HTTP/HTTPS administrative interfaces or limiting access to the administrative interface through local-in policies. Organizations are also advised to implement non-standard and non-guessable usernames for admin accounts as an additional security measure (Fortinet Advisory).
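The following FortiOS CLI fragment is an added illustration of the two workarounds above (it is not from the Fortinet advisory or from Wiz); the interface names "port1" and "wan1", the trusted subnet 10.10.0.0/24, the address object "mgmt-trusted" and the admin username are assumptions chosen for the example. Apply it from a session that originates inside the trusted subnet, since the deny rule cuts off every other source.

```fortios
# Assumed (not from the advisory): management interface "port1",
# trusted admin subnet 10.10.0.0/24, address object "mgmt-trusted".
config firewall address
    edit "mgmt-trusted"
        set subnet 10.10.0.0 255.255.255.0
    next
end

# Local-in policies govern traffic addressed to the FortiGate itself and
# are matched top-down: allow HTTPS administration only from the trusted
# subnet, then deny HTTP/HTTPS to the device from everywhere else.
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "mgmt-trusted"
        set dstaddr "all"
        set service "HTTPS"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTP" "HTTPS"
        set schedule "always"
        set action deny
    next
end

# First workaround from the advisory: drop http/https from allowaccess on
# any interface that does not need the GUI at all (here an assumed "wan1").
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# Per-account trusted hosts add a second gate, and the account name follows
# the advisory's advice to use a non-guessable admin username (assumed name).
config system admin
    edit "ops-admin-q7x2"
        set trusthost1 10.10.0.0 255.255.255.0
    next
end
```

Verify the result with `diagnose sniffer packet` or a test connection from outside the trusted subnet before closing the change window, and confirm the accept rule sits above the deny rule in `show firewall local-in-policy`.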

Community reactions

The vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on January 14, 2025, with a remediation deadline of January 21, 2025, highlighting the critical nature of this security issue. Security researchers from watchTowr were credited with discovering and responsibly disclosing the vulnerability (Censys, Arctic Wolf).

This report was generated using AI.
