COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-55591

CVE-2024-55591

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-01-14
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-55591
⚡ RCE ⌖ exploited in the wild shame 88/100 ransomwareexploited-in-wildunpatchedauth-bypassrcenegligence

An unauthenticated remote attacker can bypass authentication to gain super-admin privileges on Fortinet FortiOS and FortiProxy via a Node.js websocket module flaw.

This authentication bypass allows attackers to escalate to super-admin without credentials, enabling full system compromise and data exfiltration. DIB organizations must patch FortiOS and FortiProxy immediately and verify Node.js websocket module integrity, as this flaw is actively exploited in the wild and linked to ransomware campaigns.

Shame score — A critical authentication bypass in a core firewall product that is actively exploited in the wild and linked to ransomware, demonstrating severe negligence and avoidable risk.

Players implicated

Fortinet · vendorFortiOS and FortiProxy · product

Description

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.