May 29, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Ivanti Releases Critical Updates for EPM and Avalanche Vulnerabilities
January 16, 2025
Snake Keylogger Malware – Active IOCs
January 16, 2025
Ivanti Releases Critical Updates for EPM and Avalanche Vulnerabilities
January 16, 2025
Snake Keylogger Malware – Active IOCs
January 16, 2025
Severity
High
Analysis Summary
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Impact
- Security Bypass
Indicators of Compromise
CVE
CVE-2024-55591
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiOS 7.0.0 - 7.0.16
- Fortinet FortiProxy 7.0.0 - 7.0.19
- Fortinet FortiProxy 7.2.0 - 7.2.12
Remediation
Refer to Fortinet FortiGuard Security Advisory for patch, upgrade, or suggested workaround information.
