Fortinet Warns of Actively Exploited Zero-Day Vulnerability in FortiGate Firewalls
Cybersecurity firm Fortinet has warned of a critical zero-day vulnerability (CVE-2024-55591) affecting some of its FortiGate firewalls. Disclosed on January 14, 2025, this authentication bypass flaw is actively exploited in the wild and poses a severe threat.
The vulnerability, rated 9.6 out of 10 on the CVSS scale, allows remote attackers to bypass authentication and gain super-admin privileges via crafted requests to the Node.js websocket module. Fortinet has confirmed that the affected versions are FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12.
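To triage an inventory against the version ranges above, the following added example (not Fortinet's or Arctic Wolf's code) parses the version token from captured status output and flags devices inside a listed range. The device names, build strings and the reading of the 7.2.x range as FortiProxy are assumptions; the sample inventory is constructed.

```python
import re

# Affected ranges as stated in the article (inclusive). The 7.2.x range is
# read here as belonging to FortiProxy (assumption from the sentence order).
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 16))],
    "FortiProxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}

# Version token in a line like "Version: FortiGate-100F v7.0.14,build0601,..."
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")

def parse_version(status_text):
    """Return (major, minor, patch) from status output, or None if absent."""
    for line in status_text.splitlines():
        if line.strip().lower().startswith("version:"):
            m = VERSION_RE.search(line)
            if m:
                return tuple(int(g) for g in m.groups())
    return None

def is_affected(product, version):
    """True if version falls inside any listed range for the product."""
    return any(lo <= version <= hi for lo, hi in AFFECTED.get(product, []))

def triage(inventory):
    """Map device name to 'affected', 'not in listed range' or 'unknown'."""
    result = {}
    for name, product, status_text in inventory:
        version = parse_version(status_text)
        if version is None:
            result[name] = "unknown"  # unparsable output needs manual review
        elif is_affected(product, version):
            result[name] = "affected"
        else:
            result[name] = "not in listed range"
    return result

# Constructed sample inventory: (device name, product, captured status output).
SAMPLE = [
    ("edge-fw-1", "FortiOS", "Version: FortiGate-100F v7.0.14,build0601,240206 (GA.M)\nHostname: edge-fw-1"),
    ("edge-fw-2", "FortiOS", "Version: FortiGate-60F v7.0.17,build0682,250113 (GA.M)"),
    ("proxy-1", "FortiProxy", "Version: FortiProxy-VM64 v7.2.12,build0500,240901 (GA)"),
    ("lab-fw", "FortiOS", "Hostname: lab-fw"),
]

if __name__ == "__main__":
    for device, verdict in triage(SAMPLE).items():
        print(f"{device}: {verdict}")
```

A verdict of "not in listed range" only means the version falls outside the ranges quoted in this article; it is not confirmation that the device is patched.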
Security firm Arctic Wolf has reported observing a massive exploitation campaign since December 2024. Threat actors have been altering firewall configurations and extracting credentials using DCSync.
To mitigate the risk, Fortinet advises users to upgrade their FortiOS and FortiProxy to the latest patched versions. Additionally, specific local-in policies and address group configurations should be applied. Users are urged to take immediate action to protect their systems.