
Advisory 2025-0092 - Fortinet FortiOS: Vulnerability allows gaining administrative rights

Notice: As an exception, this advisory is shown in full publicly. As a customer you regularly receive details on vulnerability information via your login or through our daily advisory e-mail.

Attack probability: 5 (high)
Potential damage: 5 (high)
Attacker: remote anonymous attacker
Exploit available
Date: 2025-01-15
Release: 2025-01-15

Operating System

  • Other

Software

  • Fortinet FortiOS < 7.0.17
  • Fortinet FortiProxy < 7.0.20
  • Fortinet FortiProxy < 7.2.13

Attack

A remote anonymous attacker can exploit a vulnerability in Fortinet FortiOS and Fortinet FortiProxy in order to gain administrative rights.

Description

FortiOS is a hardened operating system for FortiGate platforms. FortiProxy is a web proxy solution.

CVE-2024-55591

There is a vulnerability in Fortinet FortiOS and Fortinet FortiProxy. It is possible to bypass authentication in the Node.js WebSocket module by using an alternate path or channel. A remote, anonymous attacker can exploit this vulnerability to gain super administrator privileges by sending crafted requests to the Node.js WebSocket module.

CVSSv2 Base Score: 10.0 / Temporal Score: 8.7
AV:N/AC:L/AU:N/C:C/I:C/A:C/E:H/RL:OF/RC:ND
CVSSv3.1 Base Score: 9.8 / Temporal Score: 9.4
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:X

The vulnerability is already being actively exploited on a large scale.

Recommendation

Fortinet provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://www.fortiguard.com/psirt/FG-IR-24-535

Information

FortiGuard PSIRT Advisory dated 2025-01-14
https://www.fortiguard.com/psirt/FG-IR-24-535

References

CVE:CVE-2024-55591
FORTINET:FG-IR-24-535

Disclaimer

*The probability of an attack is determined by the attacker's motivation, the necessary effort and the possibilities for an attack. The potential damage is determined by the effort needed to resolve the attack and the probable indirect consequences of an attack for business processes. Telekom Security assumes worst-case scenarios.

Copyright © 1999-2025 Deutsche Telekom Security GmbH. All rights reserved. Reproduction and distribution of this publication in any form - even in parts - without prior written permission is forbidden.

The information contained herein has been obtained from sources believed to be reliable and trusted, or has been verified. Telekom Security accepts liability for completeness, accuracy and correctness only insofar as gross negligence or intent creates liability. Any liability beyond that, in particular for possible damages resulting from the use or unusability of the information contained herein, is excluded.