Fortinet: Network Exploitation of CVE-2024-55591 Detected (AL08/250114/CSIRT-ITA)

Summary

Security researchers have recently detected an exploitation campaign for the CVE-2024-55591 vulnerability, rated “Critical,” in Fortinet firewalls, targeting the publicly exposed management interfaces of FortiOS and FortiProxy.

Note: A Proof of Concept (PoC) for the exploitation of CVE-2024-55591 is reportedly available online.

Risk

Community Impact Rating: Critical (78.97)

Description and Potential Impacts

This vulnerability – with a CVSS v3 score of 9.6 – of the “Authentication Bypass” type, could allow malicious actors to obtain:

administrative access to devices
ability to create new accounts
authentication via SSL VPN
access and modification of device configuration settings
exfiltration of Active Directory credentials via DCSync

For any further information, we recommend consulting the link to the analysis, available in the References section.

Type

Authentication Bypass

Affected products and/or versions

FortiProxy 7.2.x, version 7.2.12 and earlier
FortiProxy 7.0.x, version 7.0.19 and earlier
FortiOS 7.0.x, version 7.0.16 and earlier

Mitigation actions

In line with the vendor’s statements, it is recommended to update vulnerable products following the instructions in the security bulletin in the References section.

Furthermore, it is important to inhibit the possibility of accessing the management interfaces of such devices from the Internet.

Finally, it is recommended to evaluate the verification and implementation – on your security devices – of the Indicators of Compromission (IoC) [1] provided in the “IoC” section.

[1] By definition, not all indicators of compromise are malicious. This CSIRT has no responsibility for the implementation of any proactive actions (e.g. blocklisting IoCs) related to the indicators provided. The information contained in this document represents the best understanding of the threat at the time of release.

CVE
CVE-2024-55591

References

https://www.fortiguard.com/psirt/FG-IR-24-535

https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/

¹This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.

Home

Some companies that have chosen us

Professional qualifications

Fortinet: Network Exploitation of CVE-2024-55591 Detected (AL08/250114/CSIRT-ITA)

Recommended to you

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

DANISH SUPERVISORY AUTHORITY: Berlingske complies with the Danish Data Protection Agency’s order in the...

Elastic NV Product Updates (AL02/250124/CSIRT-ITA)

Vulnerabilities in Mitel Products (AL01/250124/CSIRT-ITA)

Fixed vulnerabilities in Cisco products (AL01/250123/CSIRT-ITA)

Fixed vulnerabilities in Google Chrome (AL02/250123/CSIRT-ITA)

Vulnerabilities in SonicWall Products (AL03/250123/CSIRT-ITA)

Security Updates for Node.js (AL04/250123/CSIRT-ITA)

LATVIAN SUPERVISORY AUTHORITY: Is apartment owner data safe in BIS?

Fixed vulnerabilities on GitLab CE/EE (AL05/250123/CSIRT-ITA)

FRENCH SUPERVISORY AUTHORITY: Reusing databases: the necessary checks to comply with the law

CROATIAN SUPERVISORY AUTHORITY: Celebrating European Data Protection Day: “What does artificial intelligence bring us?”

SLOVENIAN SUPERVISORY AUTHORITY: Are you handling requests for access to your own personal data...

Oracle Critical Patch Update (AL01/250122/CSIRT-ITA)

7-Zip vulnerability fixed (AL02/250122/CSIRT-ITA)

BELGIAN SUPERVISORY AUTHORITY: EDPB publishes guidelines on pseudonymisation

IRISH SUPERVISORY AUTHORITY: DPC national report findings under the

CROATIAN SUPERVISORY AUTHORITY: The European Data Protection Board has identified challenges to the full...

DANISH SUPERVISORY AUTHORITY: FC Copenhagen receives permission to use automatic facial recognition