CVE-2024-55591 · CISA KEV: Actively Exploited

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Published Jan 14, 2025 · Updated Jan 14, 2025

Description

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

Public Exploits & PoCs (5 found)

PoC: CVE-2024-55591

PoC for CVE-2024-55591 authentication bypass. Affects: FortiOS 7.0.0 to 7.0.16, FortiProxy 7.0.0 to 7.0.19, FortiProxy 7.2.0 to 7.2.12

PoC: CVE-2024-55591-POC

A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices.

PoC: CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

PoC: Private-CVE-2024-55591.

Private CVE-2024-55591

PoC: fortios-auth-bypass-check-CVE-2024-55591

Checks for authentication bypass vulnerability in Fortinet's FortiOS, potentially exploited by remote attackers.
