Critical vulnerability in FortiGate: How can you protect yourself from attack?

The recently discovered CVE-2024-55591 vulnerability in FortiGate devices exposed a serious security issue that could allow an attacker to bypass authentication and gain full access to the network infrastructure. Read our article to find out what steps you need to take to protect your organisation and how you can improve the security of your systems.
What is the essence of vulnerability CVE-2024-55591?
Vulnerability CVE-2024-55591 is a critical vulnerability in Fortinet FortiOS and FortiProxy products that allows a remote attacker to bypass authentication and gain super-administrator privileges by sending specially crafted requests to the Node.js websocket module. This vulnerability has been actively exploited since November 2024.
Affected versions:
– FortiOS: versions 7.0.0 to 7.0.16
– FortiProxy: versions 7.0.0 to 7.0.19 and 7.2.0 to 7.2.12
Why is it important to address the vulnerability?
Immediately after the vulnerability was disclosed, a list of more than 15,000 IP addresses of organizations that have not resolved this critical vulnerability appeared on the darknet. The data includes interface login credentials and other data that can be used to enter compromised systems.
Recommended Solution:
1) Software update
Update to the following versions or newer:
– FortiOS: version 7.0.17
– FortiProxy: version 7.0.20 or 7.2.13
These updates contain fixes for vulnerability CVE-2024-55591.
2) Access Restrictions
Until you upgrade, restrict access to administrative interfaces (HTTP/HTTPS) to trusted IP addresses only or temporarily disable them.
3) System monitoring
Regularly check system logs for the following indicators of compromise:
– Unusual logon activity with the ‘admin’ user via ‘jsconsole’.
– Creation of new admin accounts with randomly generated names.
– The presence of IP addresses such as 1.1.1.1, 127.0.0.1, 2.2.2.2, 8.8.8.8 or 8.8.4.4 in the logs.
This activity may indicate an attempt to exploit the vulnerability.

Secure FortiGate Access with ProID Multifactor Authentication
ProID tools provide reliable access security for FortiGate administrative consoles by adding an extra layer of verification. Using a mobile application or a smart card, organizations can easily implement multi-factor authentication (MFA), significantly enhancing protection against unauthorized access. The entire solution is fully compatible with the RADIUS protocol, ensuring quick integration into existing infrastructure and maximizing the security of your authentication processes.
