CVE-2024-55591 is a critical privilege escalation vulnerability affecting FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. It allows an unauthenticated, remote attacker to gain superadministrator privileges by sending specially crafted requests to the Node.js WebSocket module.
This vulnerability has been actively exploited since November 2024, potentially affecting tens of thousands of internet-facing devices. Attackers were able to modify firewall configurations, create new administrative accounts, and access sensitive information.
Fortinet has released patches for the vulnerable versions:
- FortiOS:
- Update to version 7.0.17 or later.
- FortiProxy:
- Update to version 7.0.20 or later.
- For versions 7.2.0 through 7.2.12, update to version 7.2.13 or later.
It is recommended that you apply these updates as soon as possible to mitigate the risks associated with this vulnerability.
Added ONYPHE detection
This detection was added on February 14, 2025 in our engine.
