CVE-2024-55591
- Reference to the description:
- Description:
- An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
- Last updated date:
- 01/23/2025
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- MEDIUM
- Date of publishing:
- 01/14/2025
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/16/2025
- Reference url to background
https://github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/21/2025
- Reference url to background
https://github.com/sysirq/fortios-auth-bypass-poc-CVE-2024-55591
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/22/2025
- Reference url to background
https://github.com/sysirq/fortios-auth-bypass-exploit-CVE-2024-55591
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/24/2025
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/25/2025
- Reference url to background
https://github.com/robomusk52/exp-cmd-add-admin-vpn-CVE-2024-55591
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/27/2025
- Reference url to background
https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/29/2025
- Reference url to background