1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Known Exploited Vulnerabilities CVE-2024-55591

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability exploitation_technique T1068 Exploitation for Privilege Escalation
Comments
An attacker can add a local_access_token parameter to a request targeting a specific endpoint on vulnerable Fortinet devices, leading to an authentication bypass. From there, they can obtain super_admin privileges.
References
  1. https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 https://letsdefend.io/blog/cve-2024-55591-critical-zero-day-vulnerability-in-fortinet-fortios-and-fortiproxy-actively-exploited-in-the-wild
CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability primary_impact T1555 Credentials from Password Stores
Comments
An attacker can add a local_access_token parameter to a request targeting a specific endpoint on vulnerable Fortinet devices, leading to an authentication bypass. From there, they can obtain super_admin privileges.
References
  1. https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 https://letsdefend.io/blog/cve-2024-55591-critical-zero-day-vulnerability-in-fortinet-fortios-and-fortiproxy-actively-exploited-in-the-wild
CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability primary_impact T1078 Valid Accounts
Comments
An attacker can add a local_access_token parameter to a request targeting a specific endpoint on vulnerable Fortinet devices, leading to an authentication bypass. From there, they can obtain super_admin privileges.
References
  1. https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 https://letsdefend.io/blog/cve-2024-55591-critical-zero-day-vulnerability-in-fortinet-fortios-and-fortiproxy-actively-exploited-in-the-wild
CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability secondary_impact T1021 Remote Services
Comments
An attacker can add a local_access_token parameter to a request targeting a specific endpoint on vulnerable Fortinet devices, leading to an authentication bypass. From there, they can obtain super_admin privileges.
References
  1. https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 https://letsdefend.io/blog/cve-2024-55591-critical-zero-day-vulnerability-in-fortinet-fortios-and-fortiproxy-actively-exploited-in-the-wild