CVE-2024-55591
Published: 14 January 2025
Summary
CVE-2024-55591 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Fortinet Fortiproxy. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and patching of software flaws such as CVE-2024-55591, directly preventing authentication bypass exploitation in the Node.js websocket module.
SI-5 mandates monitoring and response to security alerts, advisories, and directives like CISA KEV catalog and Fortinet FG-IR-24-535, enabling proactive patching of this vulnerability.
RA-5 vulnerability scanning detects the presence of CVE-2024-55591 in vulnerable FortiOS and FortiProxy versions, supporting remediation to block remote super-admin privilege escalation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authentication bypass in public-facing FortiOS/FortiProxy management interface (websocket) directly enables remote exploitation for initial access and admin privileges.
NVD Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js…
more
websocket module.
Deeper analysisAI
CVE-2024-55591 is an authentication bypass vulnerability using an alternate path or channel (CWE-288) that affects FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 as well as 7.2.0 through 7.2.12. The issue stems from the Node.js websocket module, where crafted requests enable attackers to circumvent authentication controls.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation grants super-admin privileges, potentially allowing full compromise of the affected device.
Fortinet's PSIRT advisory (FG-IR-24-535) details the vulnerability and mitigation steps, including upgrading to patched versions. The flaw is also listed in CISA's Known Exploited Vulnerabilities Catalog, signaling active exploitation and recommending immediate remediation by federal agencies and critical infrastructure operators.
Its inclusion in CISA's KEV catalog highlights real-world exploitation risks, underscoring the urgency for Fortinet users to apply available patches.
Details
- CWE(s)
- KEV Date Added
- 14 January 2025