Fortinet Warns of Actively Exploited Zero-Day Vulnerability in FortiOS and FortiProxy
Fortinet has warned about a critical zero-day vulnerability (CVE-2024-55591) affecting FortiOS and FortiProxy. The German Federal Office for Information Security (BSI) rated it 9.6, issuing its second-highest warning level. Exploitation is ongoing, with threat actors targeting FortiGate firewalls since December 2024.
The vulnerability allows authentication bypass and grants remote attackers super-admin privileges via crafted requests to a Node.js WebSocket module. It impacts FortiOS versions 7.0.0 through 7.0.16, and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12.
Arctic Wolf observed a massive exploitation campaign affecting FortiGate firewall devices. Threat actors altered firewall configurations and extracted credentials using DCSync. To mitigate the vulnerability, users should upgrade FortiOS and FortiProxy, and apply specific local-in policies and workarounds.
Fortinet has confirmed that the vulnerability is actively exploited in the wild. Users are urged to apply the recommended mitigations promptly to protect their systems. Further information can be found in Fortinet's advisory and the BSI warning published on January 14th, 2025.