Security News > 2025 > January > Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)
2025-01-14 17:15

Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that has been exploited as a zero-day by attackers to compromise publicly-exposed FortiGate firewalls. While Fortinet acknowledged in-the-wild exploitation in the accompanying security advisory, they did share any attack-related information except indicators of compromise (IoCs): IP addresses, log entries, created users, and a list of operations performed by the threat actor. Some of those IoCs overlap with those shared … More → The post Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/01/14/fortinet-fortigate-zero-day-vulnerability-exploited-cve-2024-55591/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-55591 Unspecified vulnerability in Fortinet Fortios and Fortiproxy
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
network
low complexity
fortinet
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 80 20 348 308 92 768