CISA adds Fortinet flaw CVE-2024-55591 to KEV Catalog

CISA adds Fortinet flaw CVE-2024-55591 to KEV Catalog

No Comments

CVE-2024-55591 is a critical vulnerability affecting Fortinet’s FortiOS and FortiProxy devices. This vulnerability allows a remote attacker to bypass authentication mechanisms and gain super-admin privileges by sending specially crafted requests to the Node.js websocket module. Here’s an in-depth look at the details, impact, and mitigation strategies for this vulnerability.

Vulnerability Details

  • Affected Products:
  • FortiOS: Versions 7.0.0 through 7.0.16
  • FortiProxy: Versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12
  • CVSS Score: 9.8 (Critical)
  • Description: The vulnerability arises from improper handling of websocket requests within the Node.js environment used by FortiOS and FortiProxy. An attacker can exploit this flaw to bypass authentication and escalate privileges to super-admin level, gaining complete control over the affected device.
Advertisements

Exploitation

This vulnerability has been actively exploited in the wild since November 2024. Attackers leverage the flaw by sending specially crafted websocket requests to the affected device’s web management interface. The exploitation process involves:

  1. Crafting Malicious Requests: Attackers create websocket requests designed to exploit the improper handling within the Node.js module.
  2. Bypassing Authentication: The crafted requests bypass the device’s authentication mechanisms, allowing the attacker to gain unauthorized access.
  3. Privilege Escalation: Once authenticated, the attacker can escalate privileges to super-admin, granting full control over the device.

Impact

The impact of CVE-2024-55591 is severe, with potential consequences including:

  • Unauthorized Access: Attackers can gain unauthorized access to the device, compromising its security.
  • Privilege Escalation: With super-admin privileges, attackers can modify configurations, access sensitive data, and perform administrative actions.
  • Data Breach: Compromised devices may lead to data breaches, exposing sensitive information stored or transmitted through the affected device.
  • Service Disruption: Attackers can disrupt services, causing downtime and impacting business operations.
Advertisements

Mitigation

Fortinet has released patches to address this vulnerability. Users are strongly advised to apply these updates immediately to protect their devices from potential exploitation. The following steps outline the mitigation process:

  1. Download and Apply Patches: Visit the Fortinet support website and download the latest firmware updates for your affected device models.
  2. Verify Firmware Versions: Ensure that the firmware versions on your devices match the patched versions provided by Fortinet.
  3. Update Devices: Follow the recommended update procedures to apply the patches to your devices.
  4. Monitor for Unusual Activity: Implement monitoring solutions to detect any suspicious activity related to websocket requests and unauthorized access attempts.
  5. Review Security Configurations: Regularly review and update security configurations to ensure adherence to best practices.

Conclusion

CVE-2024-55591 highlights the critical importance of robust security practices and timely updates. By addressing this vulnerability promptly and following recommended mitigation strategies, organizations can protect their FortiOS and FortiProxy devices from potential exploitation and ensure the security and integrity of their systems.

Tags:

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.