CVE-2024-55591

nvd nist nuclei

Published: Jan 14, 2025Modified: Oct 24, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

Affected (3)

Products: Fortinet: Fortios, Fortiproxy

2 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 7.0.0 to 7.0.17
Fortinet Fortiproxy	From 7.0.0 to 7.0.20
Fortinet Fortiproxy	From 7.2.0 to 7.2.13

Related CWEs

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

Source: psirt@fortinet.com

MitigationVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.