CVE-2024-55591
FortiOS Authentication Bypass via Node.js WebSocket
Critical authentication bypass vulnerability in Fortinet FortiOS and FortiProxy. Remote unauthenticated attackers can gain super-admin privileges via the Node.js WebSocket module. Actively exploited as a zero-day since November 2024.
CVE-2024-55591 is an authentication bypass vulnerability in Fortinet FortiOS and FortiProxy. A remote, unauthenticated attacker can send specially crafted requests to the Node.js WebSocket module to gain super-admin privileges on vulnerable devices.
Key Facts
- CVSS Score: 9.6 (Critical)
- Attack Vector: Network (Remote, No Authentication)
- Active zero-day exploitation since November 2024
- CISA KEV catalog addition: January 17, 2025
- Used by Qilin ransomware affiliates for initial access
Vulnerable Versions
| Product | Vulnerable Versions | Fixed Version |
|---|---|---|
| FortiOS | 7.0.0 through 7.0.16 | 7.0.17 or above |
| FortiProxy | 7.0.0 through 7.0.19 | 7.0.20 or above |
| FortiProxy | 7.2.0 through 7.2.12 | 7.2.13 or above |
Detect CVE-2024-55591 Exploitation in Real-Time
BRACE identifies exploitation attempts for this vulnerability and alerts your team immediately:
- Suspicious jsconsole login activity detection
- Rogue admin account creation alerts
- SSL VPN anomaly detection
- FortiGate configuration change monitoring
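As an added illustration of the first two signals in the list above (not BRACE's detection logic and not code from this page), the Python example below correlates jsconsole admin logins with admin account creation in FortiOS-style event logs. The key=value layout, the field names, the 15-minute window and the sample lines are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not real logs). The key=value layout and the field
# names (ui, action, status, cfgpath, cfgobj) are assumptions about the export.
SAMPLE_LOGS = """\
date=2024-11-20 time=03:14:07 type="event" subtype="system" user="admin" ui="jsconsole" srcip=127.0.0.1 action="login" status="success"
date=2024-11-20 time=03:15:42 type="event" subtype="system" user="admin" ui="jsconsole(127.0.0.1)" action="Add" cfgpath="system.admin" cfgobj="svc_backup"
date=2024-11-20 time=09:02:11 type="event" subtype="system" user="alice" ui="https(198.51.100.7)" action="login" status="success"
date=2024-11-20 time=09:05:30 type="event" subtype="system" user="alice" ui="https(198.51.100.7)" action="Add" cfgpath="system.admin" cfgobj="bob"
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
WINDOW = timedelta(minutes=15)  # assumed correlation window


def parse(line):
    """Turn one key=value log line into a dict; quoted values lose their quotes."""
    return {k: q or u for k, q, u in KV.findall(line)}


def detect(text, window=WINDOW):
    """Return (time, rule, detail) findings for the two signals, in log order."""
    findings, last_js_login = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        ev = parse(line)
        try:
            ts = datetime.strptime(f"{ev['date']} {ev['time']}", "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # skip lines without a usable timestamp
        via_js = ev.get("ui", "").lower().startswith("jsconsole")
        action = ev.get("action", "").lower()
        if via_js and action == "login" and ev.get("status") == "success":
            last_js_login = ts
            findings.append((ts, "jsconsole-login", ev.get("user", "?")))
        elif action == "add" and ev.get("cfgpath") == "system.admin":
            recent = last_js_login is not None and timedelta(0) <= ts - last_js_login <= window
            rule = "admin-created-suspicious" if via_js or recent else "admin-created-review"
            findings.append((ts, rule, ev.get("cfgobj", "?")))
    return findings


if __name__ == "__main__":
    for ts, rule, detail in detect(SAMPLE_LOGS):
        print(ts.isoformat(sep=" "), rule, detail)
```

Admin creation that is not tied to a jsconsole session is still reported, under the lower-priority `admin-created-review` rule, so it can be checked against change records.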
Stay Ahead of CVE-2024-55591 Exploitation
BRACE monitors for exploitation of this vulnerability and 500+ other actively exploited CVEs. Get continuous protection without the manual hunting.