CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 09, 2024
- Published Date
- January 14, 2025
- Last Updated
- January 23, 2025
- Vendor
- Fortinet
- Product
- FortiOS, FortiProxy
- Description
- An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2025-01-14 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-55591.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
exfil0/CVE-2024-55591-POC
Type: github • Created: 2025-01-29 14:54:40 UTC • Stars: 10
watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591
Type: github • Created: 2025-01-27 06:25:53 UTC • Stars: 52
virus-or-not/CVE-2024-55591
Type: github • Created: 2025-01-24 20:29:56 UTC • Stars: 5
sysirq/fortios-auth-bypass-exploit-CVE-2024-55591
Type: github • Created: 2025-01-22 14:16:30 UTC • Stars: 3
sysirq/fortios-auth-bypass-poc-CVE-2024-55591
Type: github • Created: 2025-01-21 12:30:21 UTC • Stars: 23
watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591
Type: github • Created: 2025-01-16 07:26:15 UTC • Stars: 65