Fortinet addresses security concerns over Fortinet FortiGate zero-day

FortiGuard Labs issues CVE after reports of “mass exploitation” of its firewall devices late last year.

David Hollingworth
Wed, 15 Jan 2025

Fortinet has addressed Arctic Wolf’s claims that its Fortinet FortiGate firewall devices were impacted by a widespread hacking campaign late last year.

The company officially disclosed CVE-2024-55591 overnight and released its own mitigation advice.

“An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module,” FortiGuard Labs said in a Product Security Incident Response Team update dated 14 January.

“Please note that reports show this is being exploited in the wild.”

The vulnerability is present in FortiOS versions 7.0.0 through 7.0.16, FortiProxy versions 7.2.0 through 7.2.12 and 7.0.0 through 7.0.19.

In all cases, FortiGuard Labs recommends users upgrade to later versions. Alternatively, users should disable the HTTP/HTTPS administrative interface of the affected devices or limit the IP addresses that can access the administrative interface.

“The previously rumoured, now confirmed, Fortinet FortiGate authentication bypass – officially recognised today as CVE-2024-55591 – was reportedly observed in active use by Arctic Wolf prior to its disclosure,” said Benjamin Harris, CEO and founder of cyber security firm watchTowr.

“We’re unsure what it says about the state of VPN appliance security that two vendors have so closely competed to be first to be publicly responding to an issue of this severity in 2025 – but regardless, this marks the latest vulnerability in a mission-critical appliance (that provides security-focused capabilities) to bear the hallmarks of zero-day exploitation by an APT group.

“While the situation remains fluid, we want to ensure that the severity of the situation is clear. It is critical for FortiGate appliance users and administrators to recognise that this is once again not just a “reported vulnerability,” but that if rapid reaction measures have not already been taken, administrators should be jumping straight to looking for the signs of compromise outlined by Fortinet within their advisory.”

FortiGuard Labs’ full advisory can be read here.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
