
Cybersecurity company watchTowr Labs has released technical details and proof-of-concept (PoC) exploit code for a critical zero-day authentication bypass (CVE-2024-55591) in Fortinet's FortiOS and FortiProxy products. The vulnerability was already being exploited in the wild to compromise enterprise networks and hijack firewalls before the details became public.
The flaw, rated CVSS 9.8 by NVD (Fortinet's own advisory scores it 9.6), lies in the Node.js WebSocket module behind the jsconsole feature, the browser-based CLI console of the management GUI. It affects FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12; fixed releases are FortiOS 7.0.17, FortiProxy 7.0.20 and FortiProxy 7.2.13 or later. A remote, unauthenticated attacker who exploits it obtains super-admin privileges, which in observed intrusions were used to create rogue administrative accounts, modify firewall policies, and set up SSL VPN access into internal networks.
Fortinet has confirmed active exploitation of this vulnerability, observing attackers creating new admin users, adding them to SSL VPN groups, and modifying firewall rules. These actions enable attackers to establish a foothold within the network and potentially move laterally to access sensitive data and systems.
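The post-exploitation activity described above leaves traces in the device's own event log: administrative logins whose interface is jsconsole rather than https or ssh, often with a loopback or otherwise implausible source address, followed by additions to system.admin and edits to SSL VPN user groups. The following triage script is an added example, not code from watchTowr or Fortinet. It parses FortiOS-style key="value" event lines and flags jsconsole logins from outside an assumed management subnet together with sensitive configuration changes made over jsconsole. The log lines are constructed samples modelled on the FortiOS event log layout, the management subnet 10.0.0.0/24 and the account name "zxt9k" are assumptions, and the exact field names should be checked against logs from your own devices before relying on the rules.

```python
import ipaddress
import shlex

# Assumed trusted management network; adjust to your environment.
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# Configuration paths whose modification over jsconsole is worth an alert.
WATCHED_CFGPATHS = {"system.admin", "user.group", "firewall.policy", "vpn.ssl.settings"}

# Constructed sample lines in the key="value" layout of FortiOS event logs
# (an assumption about the format; the account name "zxt9k" is made up).
SAMPLE_LOGS = [
    # Benign: GUI login from the management subnet.
    'type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" '
    'user="admin" ui="https(10.0.0.5)" method="https" srcip=10.0.0.5 action="login" status="success" '
    'profile="super_admin" msg="Administrator admin logged in successfully from https(10.0.0.5)"',
    # Benign: jsconsole opened from the GUI by an admin on the management subnet.
    'type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" '
    'user="admin" ui="jsconsole" method="jsconsole" srcip=10.0.0.5 action="login" status="success" '
    'profile="super_admin" msg="Administrator admin logged in successfully from jsconsole"',
    # Suspicious: jsconsole login recorded with a loopback source address.
    'type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" '
    'user="admin" ui="jsconsole" method="jsconsole" srcip=127.0.0.1 action="login" status="success" '
    'profile="super_admin" msg="Administrator admin logged in successfully from jsconsole"',
    # Suspicious: new administrator account created through jsconsole.
    'type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" '
    'user="admin" ui="jsconsole(127.0.0.1)" action="Add" cfgpath="system.admin" cfgobj="zxt9k" '
    'msg="Add system.admin zxt9k"',
    # Suspicious: the new account added to an SSL VPN user group through jsconsole.
    'type="event" subtype="system" level="information" vd="root" logdesc="Attribute configured" '
    'user="admin" ui="jsconsole(127.0.0.1)" action="Edit" cfgpath="user.group" cfgobj="sslvpn_users" '
    'cfgattr="member[->zxt9k]" msg="Edit user.group sslvpn_users"',
    # Benign: policy change made over SSH from the management subnet.
    'type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" '
    'user="admin" ui="ssh(10.0.0.5)" action="Add" cfgpath="firewall.policy" cfgobj="12" '
    'msg="Add firewall.policy 12"',
]


def parse_fortilog(line: str) -> dict:
    """Split one key=value log line into a dict.

    shlex respects the double quotes, so a value such as msg="..." that
    contains spaces is kept as a single field.
    """
    fields = {}
    for token in shlex.split(line):
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    return fields


def is_jsconsole(fields: dict) -> bool:
    """True when the login or change was made via the jsconsole interface."""
    return fields.get("ui", "").startswith("jsconsole") or fields.get("method") == "jsconsole"


def src_is_suspicious(srcip: str, trusted=MGMT_NETS) -> bool:
    """Loopback, unspecified, unparseable, or non-management sources are suspicious."""
    try:
        ip = ipaddress.ip_address(srcip)
    except ValueError:
        return True
    if ip.is_loopback or ip.is_unspecified:
        return True
    return not any(ip in net for net in trusted)


def triage(lines, trusted=MGMT_NETS) -> list:
    """Return one finding per jsconsole login from an untrusted source or
    per sensitive configuration change performed over jsconsole."""
    findings = []
    for line in lines:
        f = parse_fortilog(line)
        if not is_jsconsole(f):
            continue
        if f.get("action") == "login" and f.get("status") == "success":
            src = f.get("srcip", "")
            if src_is_suspicious(src, trusted):
                findings.append({"rule": "jsconsole login from untrusted source",
                                 "user": f.get("user"), "srcip": src, "line": line})
        elif f.get("cfgpath") in WATCHED_CFGPATHS:
            findings.append({"rule": "config change via jsconsole: " + f["cfgpath"],
                             "user": f.get("user"), "action": f.get("action"),
                             "object": f.get("cfgobj"), "line": line})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOGS):
        print(hit["rule"], "|", hit.get("srcip") or hit.get("object"))
```

Run against the constructed samples the script reports three findings: the loopback jsconsole login, the system.admin addition, and the user.group edit; the two logins from the management subnet and the SSH policy change pass silently. In a real investigation the same rules would be run over the exported event log for the whole exposure window, and any account named in a system.admin finding should be treated as attacker-created until proven otherwise.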
According to watchTowr Labs researcher Aliz Hammond, the vulnerability stems from a chain of issues, including:
- A pre-authenticated WebSocket connection that can be initiated via HTTP.
- The use of a local_access_token parameter to bypass session checks.
- A race condition in the WebSocket message handling process.
- No unique token or password requirement when the CLI session is established on behalf of a user.
Chained together, these issues let an unauthenticated attacker ride the jsconsole's internal Telnet bridge into the CLI process and obtain administrative privileges without valid credentials.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-55591 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch affected systems by January 21, 2025.
The Shadowserver Foundation counted nearly 45,000 exposed hosts still running vulnerable versions as of January 27, 2025. Now that PoC exploit code for CVE-2024-55591 is public, exploitation attempts are expected to increase. Organizations should upgrade to a fixed release without delay and, until then, restrict or disable access to the HTTP/HTTPS administrative interface from untrusted networks.