TTCSIRT – 440. 14.02.2025 – Cybersecurity Advisory: Fortinet FortiGate Authentication Bypass Zero-Day Vulnerability (CVE-2024-55591)
TT-CSIRT would like to bring to your attention a potential critical zero-day vulnerability impacting Fortinet FortiGate firewalls and FortiProxy devices. This vulnerability, tracked by Arctic Wolf as CVE-2024-55591, allows remote attackers to bypass authentication mechanisms and gain unauthorized administrative access to management interfaces.
Key Details:
- Impact:
  - Unauthorized administrative logins.
  - Creation of new administrative accounts.
  - Exploitation of SSL VPN authentication.
  - Potential for unauthorized configuration changes.
- Affected Versions:
  - FortiOS: Versions 7.0.0 through 7.0.16.
  - FortiProxy: Versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12.
Recommended Actions:
- Disable Public Management Interface: Ensure that management interfaces are not accessible over the public internet.
- Apply Updates: Monitor Fortinet’s official site for patches and apply them as soon as they become available.
- Review Logs: Audit device logs for any unauthorized access or suspicious activities.
- Implement Network Segmentation: Limit access to critical systems from potentially vulnerable devices.
- Restrict Access: Configure access to management interfaces using VPN or internal networks only. Disable HTTP/HTTPS administrative interface access if not required.
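One way to carry out the "Review Logs" action against the impacts listed above (unexpected administrative logins and newly created administrative accounts), added here as an example and not taken from TT-CSIRT or Fortinet. It assumes logs exported in FortiOS-style key=value form with the fields `logdesc`, `srcip`, `action`, `status`, `cfgpath` and `cfgobj`; the management network and every sample line are constructed.

```python
import ipaddress
import re

# Assumption: the only networks administrators should log in from (constructed).
MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]

# Constructed sample lines in FortiOS-style key=value event log form.
SAMPLE_LOGS = [
    'date=2025-02-10 time=09:14:02 type="event" subtype="system" logdesc="Admin login successful" user="netops" ui="https(10.10.0.15)" srcip=10.10.0.15 action="login" status="success"',
    'date=2025-02-10 time=23:41:55 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(203.0.113.77)" srcip=203.0.113.77 action="login" status="success"',
    'date=2025-02-10 time=23:43:10 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="GUI(203.0.113.77)" action="Add" cfgpath="system.admin" cfgobj="svc_backup"',
    'date=2025-02-11 time=08:02:31 type="event" subtype="system" logdesc="Object attribute configured" user="netops" ui="GUI(10.10.0.15)" action="Edit" cfgpath="firewall.policy" cfgobj="12"',
]

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Turn one key=value log line into a dict."""
    return {key: quoted if quoted else bare for key, quoted, bare in KV.findall(line)}

def in_mgmt(ip_text):
    """True only when the address parses and sits inside a management network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # missing or malformed address is treated as untrusted
    return any(ip in net for net in MGMT_NETS)

def review(lines):
    """Return (reason, event) pairs that deserve a manual look."""
    findings = []
    for ev in map(parse, lines):
        if ev.get("logdesc") == "Admin login successful":
            if not in_mgmt(ev.get("srcip", "")):
                findings.append(("admin login from outside management network", ev))
        elif ev.get("cfgpath") == "system.admin" and ev.get("action") == "Add":
            findings.append(("new administrative account created", ev))
    return findings

if __name__ == "__main__":
    for reason, ev in review(SAMPLE_LOGS):
        print(f'{ev["date"]} {ev["time"]} {reason}: '
              f'user={ev.get("user")} obj={ev.get("cfgobj", "-")}')
```

Every account creation is reported regardless of source address, since a new administrator is worth confirming against change records even when it originates from the management network.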
Additional Resources
For further information and updates on this vulnerability, please refer to the following resources:
- Fortinet Security Advisories and Recommendations: https://fortiguard.fortinet.com/psirt/FG-IR-24-535
- Arctic Hub: https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/
- Bleeping Computer: https://cybersecuritynews.com/fortinet-fortigate-firewalls-under-attack-by-exploit-a-zero-day-vulnerability/
If you have any queries, comments or require assistance, please feel free to contact the TT-CSIRT via contacts@ttcsirt.gov.tt
Act promptly to safeguard your systems against potential exploitation.