CVE-2024-55591 Scanner
Detects ‘Authentication Bypass’ vulnerability in Fortinet FortiOS affects v. 7.0.0 through 7.0.16 and FortiProxy v. 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. This scanner helps identify unauthenticated access paths that may lead to super-admin privilege escalation.
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
20 days 9 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
-
Fortinet FortiOS is a popular network security operating system used in Fortinet products such as firewalls, VPNs, and unified threat management appliances. It is deployed in enterprise, government, and service provider environments to protect against a wide range of network threats. FortiProxy, a component of the Fortinet suite, is used to provide advanced web filtering, caching, and secure web access. These systems are typically managed by network administrators and security teams to ensure safe and reliable access control. Fortinet products are integrated into both on-premise and cloud-based environments. Due to their critical position in network security, vulnerabilities in Fortinet systems can pose significant risk to organizational infrastructure.
The vulnerability being tested is an authentication bypass caused by the use of an alternate path or channel to access administrative functions. This flaw allows a remote attacker to exploit the WebSocket module in Node.js to circumvent the normal authentication flow. As a result, the attacker can gain unauthorized access to protected interfaces. By exploiting this weakness, a malicious user may obtain super-admin privileges without prior authentication. This type of vulnerability is critical because it undermines the trust and security model of the system. The issue affects specific versions of FortiOS and FortiProxy, as outlined in the CVE description.
The vulnerability resides in how FortiOS and FortiProxy handle certain WebSocket upgrade requests. Specifically, sending a request to a crafted path such as `/watchTowr-
If exploited, the vulnerability can allow unauthorized remote attackers to gain super-admin level access to the Fortinet device. This means full control over the device’s configuration, monitoring, and security enforcement features. Such unauthorized access could lead to severe breaches including modification of firewall rules, access to sensitive logs and data, and pivoting into internal networks. An attacker may disable security services, hide malicious activity, or use the compromised device to launch further attacks. In high-security environments, this can compromise the integrity of the entire network perimeter. As a critical issue, it requires immediate attention and remediation.