{"id":1375,"date":"2025-01-16T08:48:34","date_gmt":"2025-01-16T16:48:34","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=1375"},"modified":"2025-01-16T08:48:36","modified_gmt":"2025-01-16T16:48:36","slug":"emerging-threat-fortinet-cve-2024-55591","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/","title":{"rendered":"Emerging Threat: Fortinet CVE-2024-55591"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What is CVE-2024-55591?&nbsp;<\/h2>\n\n\n\n<p>On January 14, 2025, Fortinet disclosed a new critical (CVSS 9.6) authentication bypass vulnerability affecting FortiOS and FortiProxy. This vulnerability, CVE-2024-55591, allows unauthenticated remote attackers to target the Node.js WebSocket module of the administrative interface and potentially gain super-admin privileges.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What assets are affected by CVE-2024-55591?&nbsp;<\/h2>\n\n\n\n<p>The following assets are affected by CVE-2024-55591:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>FortiOS version 7.0.0 through 7.0.16\u00a0<\/li>\n\n\n\n<li>FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12<\/li>\n<\/ul>\n\n\n\n<p>The following assets are NOT affected by CVE-2024-55591:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>FortiOS 7.2 through 7.6<\/li>\n\n\n\n<li>FortiOS 6.4<\/li>\n\n\n\n<li>FortiProxy 7.4 through 7.6<\/li>\n\n\n\n<li>FortiProxy 2.0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Are fixes available?&nbsp;<\/h2>\n\n\n\n<p>Fortinet has released patches for all affected versions and recommends upgrading vulnerable assets as soon as possible.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>FortiOS version 7.0.0 through 7.0.16: upgrade to 7.0.17 or above<\/li>\n\n\n\n<li>FortiProxy version 7.0.0 through 7.0.19: upgrade to 7.2.13 or above<\/li>\n\n\n\n<li>FortiProxy version 7.2.0 through 7.2.12: upgrade to 7.0.20 or above<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Are there any other recommended actions to take?&nbsp;<\/h2>\n\n\n\n<p>If patching is not feasible, Fortinet recommends restricting access to the administrative interface. Organizations can either disable the HTTP\/HTTPS administrative interface entirely or use local-in policies to limit IP addresses that can access the administrative interface.<\/p>\n\n\n\n<p>Fortinet has also provided Indicators of Compromise (IoCs) in their <a href=\"https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-535\">vendor advisory<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Is CVE-2024-55591 being actively exploited?&nbsp;<\/h2>\n\n\n\n<p>Researchers at <a href=\"https:\/\/arcticwolf.com\/resources\/blog\/console-chaos-targets-fortinet-fortigate-firewalls\/\">Arctic Wolf<\/a> reported on January 10th, 2025 that this vulnerability may have been actively exploited in the wild since <a href=\"https:\/\/www.tenable.com\/blog\/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild\">November 2024<\/a> as part of a larger campaign targeting exposed FortiGate firewall devices. As of January 15th, there is no public proof of concept available for CVE-2024-55591.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How is CyCognito helping customers identify assets vulnerable to CVE-2024-55591?&nbsp;<\/h2>\n\n\n\n<p>CyCognito customers can review potentially affected assets within the platform to identify whether any assets are running these services with default HTTP\/HTTPS ports (tcp\/443, tcp\/80). Users also have access to an emerging threat advisory within the CyCognito platform.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"754\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screenshot-2025-01-16-at-10.04.17\u202fAM-1280x754.webp\" alt=\"\" class=\"wp-image-1376\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screenshot-2025-01-16-at-10.04.17\u202fAM-1280x754.webp 1280w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screenshot-2025-01-16-at-10.04.17\u202fAM-512x302.webp 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screenshot-2025-01-16-at-10.04.17\u202fAM-768x453.webp 768w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screenshot-2025-01-16-at-10.04.17\u202fAM-1536x905.webp 1536w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screenshot-2025-01-16-at-10.04.17\u202fAM.webp 1948w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/figure>\n\n\n\n<p class=\"caption\">Figure 1: The alert sent by CyCognito for CVE-2024-55591<\/p>\n\n\n\n<p>It\u2019s worth noting that this comes on the heels of other serious vulnerabilities affecting FortiOS products. For more information about those vulnerabilities and CyCognito\u2019s response, check out our blog posts covering <a href=\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-fortinet-fortios-cve-2024-23113\/\">CVE-2024-23113<\/a> and <a href=\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortijump-cve-2024-47575\/\">CVE-2024-47575<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How can CyCognito help your organization?&nbsp;<\/h2>\n\n\n\n<p>CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive <a href=\"https:\/\/app.getreprise.com\/launch\/V6Waa5X\">dashboard product tour<\/a>. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our <a href=\"https:\/\/www.cycognito.com\/contact\/\">Contact Us page<\/a> to schedule a demo.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On January 14, 2025, Fortinet disclosed a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy. CVE-2024-55591 allows unauthenticated remote attackers to target the Node.js WebSocket module of the administrative interface and potentially gain super-admin privileges. CyCognito is helping customers identify assets vulnerable to CVE-2024-55591. <\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[58,202,57],"class_list":["post-1375","post","type-post","status-publish","format-standard","hentry","category-research","tag-cve","tag-fortinet","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Emerging Threat: Fortinet CVE-2024-55591 | CyCognito Blog<\/title>\n<meta name=\"description\" content=\"Fortinet disclosed CVE-2024-55591, a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emerging Threat: Fortinet CVE-2024-55591\" \/>\n<meta property=\"og:description\" content=\"Fortinet disclosed CVE-2024-55591, a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-16T16:48:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-16T16:48:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2025-01-16-2400x1256-email.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1256\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Emma Zaballos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Emma Zaballos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/\"},\"author\":{\"name\":\"Emma Zaballos\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\"},\"headline\":\"Emerging Threat: Fortinet CVE-2024-55591\",\"datePublished\":\"2025-01-16T16:48:34+00:00\",\"dateModified\":\"2025-01-16T16:48:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/\"},\"wordCount\":456,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"keywords\":[\"CVE\",\"Fortinet\",\"Vulnerability\"],\"articleSection\":[\"Research\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/\",\"name\":\"Emerging Threat: Fortinet CVE-2024-55591 | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"datePublished\":\"2025-01-16T16:48:34+00:00\",\"dateModified\":\"2025-01-16T16:48:36+00:00\",\"description\":\"Fortinet disclosed CVE-2024-55591, a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emerging Threat: Fortinet CVE-2024-55591\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\",\"name\":\"Emma Zaballos\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"caption\":\"Emma Zaballos\"},\"description\":\"Product Marketing Manager\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emerging Threat: Fortinet CVE-2024-55591 | CyCognito Blog","description":"Fortinet disclosed CVE-2024-55591, a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/","og_locale":"en_US","og_type":"article","og_title":"Emerging Threat: Fortinet CVE-2024-55591","og_description":"Fortinet disclosed CVE-2024-55591, a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy.","og_url":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/","og_site_name":"CyCognito Blog","article_published_time":"2025-01-16T16:48:34+00:00","article_modified_time":"2025-01-16T16:48:36+00:00","og_image":[{"width":2400,"height":1256,"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2025-01-16-2400x1256-email.png","type":"image\/png"}],"author":"Emma Zaballos","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Emma Zaballos","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/"},"author":{"name":"Emma Zaballos","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58"},"headline":"Emerging Threat: Fortinet CVE-2024-55591","datePublished":"2025-01-16T16:48:34+00:00","dateModified":"2025-01-16T16:48:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/"},"wordCount":456,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["CVE","Fortinet","Vulnerability"],"articleSection":["Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/","url":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/","name":"Emerging Threat: Fortinet CVE-2024-55591 | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2025-01-16T16:48:34+00:00","dateModified":"2025-01-16T16:48:36+00:00","description":"Fortinet disclosed CVE-2024-55591, a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy.","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/emerging-threat-fortinet-cve-2024-55591\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Emerging Threat: Fortinet CVE-2024-55591"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58","name":"Emma Zaballos","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","caption":"Emma Zaballos"},"description":"Product Marketing Manager","url":"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=1375"}],"version-history":[{"count":1,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1375\/revisions"}],"predecessor-version":[{"id":1378,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1375\/revisions\/1378"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=1375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=1375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=1375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}