The BSI has already issued the second highest warning level, orange, for the actively exploited vulnerabilities in FortiOS and FortiProxy. The zero-day vulnerability CVE-2024-55591 is rated 9.6 out of 10 according to CVSS and is therefore critical.
Der laut BSI warning, Fortinet issued an advisory on January 14th about a vulnerability in Fortiproxy and FortiOS, the operating system used on the FortiGate firewall product range, among others. The vulnerability with the identifier CVE-2024-55591 was rated critical at 9.6 according to the Common Vulnerability Scoring System (CVSS) and allows an unauthenticated attacker to gain super admin privileges. It is an authentication bypass via an alternative path.
The vulnerability CVE-2024-55591 is already being actively exploited. This The IT security company Arctic Wolf also reports in its blog of unauthorized access to exposed management access points of the firewalls. Attackers also created new accounts, used them for SSL VPN authentication and made further configuration changes to the devices. The attackers then stole access data from compromised networks.
Fortinet's security warning
On January 14, 2025, Fortinet published a security advisory regarding a critical vulnerability in FortiOS and FortiProxy, registered under identifier CVE-2024-55591. This vulnerability allows an unauthenticated attacker to gain super-admin privileges by making specially crafted requests to the Node.js WebSocket module.
Advertising
Subscribe to our newsletter now
Read the best news from B2B CYBER SECURITY once a month
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our
Privacy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.
CleverReach
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at:
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time.
You may object to the storage if your interests outweigh our legitimate interest.
For more information, see the privacy policy of CleverReach at:
https://www.cleverreach.com/de/datenschutz/.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Affected products and versions
FortiOS: versions 7.0.0 up to and including 7.0.16
FortiProxy: Versions 7.0.0 up to and including 7.0.19, versions 7.2.0 up to and including 7.2.12
Unaffected versions
FortiOS: versions 6.4, 7.2, 7.4 and 7.6
FortiProxy: versions 2.0, 7.4 and 7.6
Quick action recommended
Fortinet strongly recommends updating to the latest unaffected versions to minimize the risk of an attack. Since the vulnerability is already being actively exploited, immediate action is required. Fortinet provides a help page for detailed information and specific instructions on how to update systems.
More at Sophos.com
About Fortinet
Fortinet (NASDAQ: FTNT) protects the most valuable resources of some of the largest companies, service providers and government agencies worldwide. We offer our customers complete transparency and control over the expanding attack surface as well as the ability to meet ever higher performance requirements now and in the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in network, application, multi-cloud or edge environments. Fortinet is # 1 when it comes to the most commonly shipped security appliances. More than 455.000 customers trust Fortinet to protect their brands. Both a technology company and a training company, the Fortinet Network Security Expert (NSE) Institute has one of the largest and most comprehensive cyber security training programs in the industry. More information on this at www.fortinet.de, in the Fortinet blog or at FortiGuard Labs.
Matching articles on the topic
