Emergency Security Bulletin: FortiOS & FortiProxy Authentication Bypass Vulnerability

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES

FortiOS & FortiProxy Authentication bypass in Node.js Websocket Module

CVSS Score: 9.6 (Critical)
Identifier: CVE-2024-55591
Exploit or POC: Yes, this vulnerability has been exploited in the wild.
Update: CVE-2024-55591 – Fortinet Security Advisory

Description: CVE-2024-55591 is an Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy. This vulnerability may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Fortinet Security Advisory. Immediate patching is recommended to prevent potential exploitation.