CVE-2024-55591 Scanner

Fortinet FortiOS is the operating system powering Fortinet's security appliances, including FortiGate and FortiProxy. It provides firewall, VPN, intrusion prevention, and other enterprise-grade network security services. FortiOS is widely deployed in corporate, government, and service provider networks due to its rich feature set and strong performance. It is managed via a web interface, CLI, or APIs that enable secure access and configuration. As a central component of network defense, any vulnerability in FortiOS poses significant risks. Proper hardening and patching are essential for maintaining a secure perimeter.

This scanner detects a critical Information Disclosure vulnerability in FortiOS tracked as CVE-2024-55591. The flaw resides in the exposure of a JavaScript service worker file (`service-worker.js`) that contains internal endpoint references and potentially sensitive information. The file is accessible without authentication, allowing an attacker to retrieve API structure and configuration data. This can assist in further attacks, including bypassing authentication or accessing protected resources. The flaw impacts confidentiality, integrity, and availability depending on the system configuration and follow-up actions by the attacker.

The vulnerability is triggered by accessing the `/service-worker.js` file with a manipulated query string. The scanner checks for response content that includes internal API references (e.g., `api/v2/static`) and JavaScript event listeners (`self.addEventListener`). These indicators suggest that the JavaScript file is active and exposed publicly. The presence of the proper `application/javascript` content type and a successful 200 HTTP status confirms the misconfiguration. Because the file may include internal route mappings and logic, its exposure can assist attackers in crafting targeted requests or reverse engineering authentication mechanisms.

Exploitation of this vulnerability can lead to unauthorized information access, including internal URLs, token references, or API paths. While the vulnerability itself does not directly lead to code execution or account takeover, it significantly weakens the security posture by exposing internals to unauthenticated users. When combined with other flaws or misconfigurations, this information can facilitate authentication bypass or exploitation of additional endpoints. Systems exposed to public networks are particularly at risk. Immediate remediation is required to prevent exploitation and information leakage.

REFERENCES

• https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591/blob/main/CVE-2024-55591-PoC.py