CVE-2024-55591 Scanner

Fortinet FortiOS is an advanced network security operating system developed by Fortinet, widely used in enterprise environments to manage firewalls, VPNs, intrusion prevention systems, and security policies. It provides threat intelligence, real-time monitoring, and centralized management to secure network infrastructure. Fortinet FortiProxy is a secure web proxy solution designed to protect web applications, enforce compliance, and prevent data breaches. These products are commonly used in corporate networks, government organizations, and cloud environments. Fortinet solutions offer deep packet inspection, next-generation firewall capabilities, and traffic control mechanisms. Due to their critical security role, vulnerabilities in FortiOS or FortiProxy can have severe consequences. Security administrators rely on timely patches and updates to mitigate emerging threats.

The authentication bypass vulnerability (CWE-288) in Fortinet FortiOS and FortiProxy allows an attacker to gain unauthorized access to administrative functions. By exploiting flaws in the Node.js WebSocket module, an attacker can craft specific requests to bypass authentication controls. This can lead to a complete compromise of the security appliance, allowing full access without credentials. The vulnerability affects FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19, 7.2.0 through 7.2.12. Exploiting this issue could grant super-admin privileges to an unauthenticated remote attacker. This poses a high-security risk, particularly in enterprise environments using Fortinet devices for critical security functions.

The vulnerability is triggered when specially crafted WebSocket requests are sent to the affected Fortinet FortiOS or FortiProxy endpoints. The attacker initiates a connection upgrade request using the WebSocket protocol and abuses insufficient authentication validation mechanisms. The exploitation process involves sending HTTP requests to the login page, which redirects the attacker while preserving unauthorized access. Furthermore, specific crafted headers and parameters manipulate the authentication logic, resulting in an unauthorized session. The vulnerable WebSocket endpoint fails to verify session credentials, allowing attackers to gain high-level access. This flaw is particularly dangerous as it does not require prior authentication or user interaction.

When exploited, this vulnerability can lead to unauthorized administrative access, allowing attackers to manipulate firewall rules, exfiltrate sensitive data, or disable security measures. It can result in network-wide compromise, unauthorized configuration changes, and exposure of confidential information. Attackers may create backdoors, escalate privileges, and use compromised systems as pivot points for further attacks. Organizations relying on FortiOS for network security may face complete security failure, leading to potential data breaches and service disruptions. The exploitation of this flaw can also lead to severe compliance violations and financial losses. This makes it crucial to apply patches and mitigate the vulnerability promptly.

REFERENCES

• https://github.com/souzatyler/fortios-auth-bypass-check-CVE-2024-55591
• https://github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591
• https://github.com/20142995/nuclei-templates
• https://github.com/Ostorlab/KEV
• https://github.com/cyb3r-w0lf/nuclei-template-collection