Security News > 2025 > January > Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)
2025-01-14 17:15
Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that has been exploited as a zero-day by attackers to compromise publicly-exposed FortiGate firewalls. While Fortinet acknowledged in-the-wild exploitation in the accompanying security advisory, they did share any attack-related information except indicators of compromise (IoCs): IP addresses, log entries, created users, and a list of operations performed by the threat actor. Some of those IoCs overlap with those shared … More → The post Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) appeared first on Help Net Security.
News URL
Related news
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls (source)