CVE-2024-55591
Published: 14 January 2025
Summary
CVE-2024-55591 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Fortinet Fortiproxy. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).
Deeper analysis
CVE-2024-55591 is an authentication bypass vulnerability (CWE-288) that affects FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 as well as 7.2.0 through 7.2.12. The flaw resides in the Node.js websocket module and permits remote attackers to circumvent normal authentication controls through specially crafted requests.
A remote attacker with no prior credentials or user interaction can send crafted websocket requests to obtain super-admin privileges on the affected device, resulting in full control over the system with impacts to confidentiality, integrity, and availability.
Fortinet has published advisory FG-IR-24-535 detailing the issue, and CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.
The EPSS score has reached a peak of 0.9420 with a current value of 0.9412, indicating sustained high exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52819
Vulnerability details
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js…
more
websocket module.
- CWE(s)
- KEV Date Added
- 14 January 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authentication bypass in public-facing FortiOS/FortiProxy management interface (websocket) directly enables remote exploitation for initial access and admin privileges.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires timely identification, reporting, and patching of software flaws such as CVE-2024-55591, directly preventing authentication bypass exploitation in the Node.js websocket module.
SI-5 mandates monitoring and response to security alerts, advisories, and directives like CISA KEV catalog and Fortinet FG-IR-24-535, enabling proactive patching of this vulnerability.
RA-5 vulnerability scanning detects the presence of CVE-2024-55591 in vulnerable FortiOS and FortiProxy versions, supporting remediation to block remote super-admin privilege escalation.