{"id":50703,"date":"2025-01-24T13:51:33","date_gmt":"2025-01-24T12:51:33","guid":{"rendered":"https:\/\/proid.cz\/kriticka-zranitelnost-fortigate-jak-se-chranit-pred-utoky-na-administrativni-pristupy\/"},"modified":"2025-01-30T13:46:07","modified_gmt":"2025-01-30T12:46:07","slug":"critical-vulnerability-in-fortigate-how-can-you-protect-yourself-from-attack","status":"publish","type":"post","link":"https:\/\/proid.cz\/en\/critical-vulnerability-in-fortigate-how-can-you-protect-yourself-from-attack\/","title":{"rendered":"Critical vulnerability in FortiGate: How can you protect yourself from attack?"},"content":{"rendered":"

[vc_row type=”vc_default”][vc_column][vc_empty_space height=”60″][vc_row_inner content_placement=”middle”][vc_column_inner width=”1\/2″][vc_empty_space height=”40″][vc_column_text]<\/p>\n

Critical vulnerability in FortiGate: How can you protect yourself from attack?<\/h1>\n

[\/vc_column_text][vc_empty_space height=”20″][vc_empty_space height=”10″][vc_empty_space height=”20″][\/vc_column_inner][vc_column_inner width=”1\/2″][vc_single_image image=”19931″ img_size=”full” alignment=”center” style=”vc_box_rounded” image_hovers=”false”][\/vc_column_inner][\/vc_row_inner][vc_empty_space height=”50″][\/vc_column][\/vc_row][vc_row][vc_column][vc_empty_space height=”50″][vc_row_inner][vc_column_inner width=”1\/6″][\/vc_column_inner][vc_column_inner width=”2\/3″][vc_column_text]<\/p>\n

The recently discovered CVE-2024-55591<\/strong> vulnerability in FortiGate devices exposed a serious security issue that could allow an attacker to bypass authentication and gain full access to the network infrastructure. Read our article to find out what steps you need to take to protect your organisation and how you can improve the security of your systems.<\/p><\/blockquote>\n

[\/vc_column_text][vc_empty_space height=”50″][vc_column_text]<\/p>\n

What is the essence of vulnerability CVE-2024-55591?<\/b><\/h3>\n

Vulnerability CVE-2024-55591 is a critical vulnerability in Fortinet FortiOS and FortiProxy products that allows a remote attacker to bypass authentication and gain super-administrator privileges by sending specially crafted requests to the Node.js websocket module. This vulnerability has been actively exploited since November 2024.\u00a0<\/span><\/p>\n

<\/h3>\n

\u00a0<\/span>Affected versions:<\/b><\/p>\n

– FortiOS: versions 7.0.0 to 7.0.16<\/span><\/p>\n

– FortiProxy: versions 7.0.0 to 7.0.19 and 7.2.0 to 7.2.12<\/span>[\/vc_column_text][vc_column_text]<\/p>\n

Why is it important to address the vulnerability?<\/b><\/h3>\n

Immediately after the vulnerability was disclosed, a list of more than 15,000 IP addresses of organizations that have not resolved this critical vulnerability appeared on the darknet. The data includes interface login credentials and other data that can be used to enter compromised systems.<\/span><\/p>\n

<\/h3>\n

[\/vc_column_text][vc_column_text]<\/p>\n

Recommended Solution:<\/b><\/h3>\n

1) Software update<\/b><\/p>\n

Update to the following versions or newer:<\/span><\/p>\n

\u00a0\u00a0\u00a0– FortiOS: version 7.0.17<\/span><\/p>\n

\u00a0\u00a0\u00a0– FortiProxy: version 7.0.20 or 7.2.13<\/span><\/p>\n

These updates contain fixes for vulnerability CVE-2024-55591.\u00a0<\/span><\/p>\n

<\/h3>\n

2) Access Restrictions<\/b><\/p>\n

Until you upgrade, restrict access to administrative interfaces (HTTP\/HTTPS) to trusted IP addresses only or temporarily disable them.\u00a0<\/span><\/p>\n

 <\/p>\n

3) System monitoring<\/b><\/p>\n

\u00a0Regularly check system logs for the following indicators of compromise:<\/span><\/p>\n

\u00a0\u00a0\u00a0– Unusual logon activity with the ‘admin’ user via ‘jsconsole’.<\/span><\/p>\n

\u00a0\u00a0\u00a0– Creation of new admin accounts with randomly generated names.<\/span><\/p>\n

\u00a0\u00a0\u00a0– The presence of IP addresses such as 1.1.1.1, 127.0.0.1, 2.2.2.2, 8.8.8.8 or 8.8.4.4 in the logs.<\/span><\/p>\n

This activity may indicate an attempt to exploit the vulnerability.\u00a0<\/span>[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/6″][\/vc_column_inner][\/vc_row_inner][vc_empty_space height=”50″][\/vc_column][\/vc_row][vc_row type=”vc_default” css=”.vc_custom_1737723166152{background-color: #f5f6f7 !important;border-radius: 30px !important;}”][vc_column][vc_empty_space height=”50″][vc_row_inner][vc_column_inner width=”1\/6″][vc_single_image image=”49844″ img_size=”full”][\/vc_column_inner][vc_column_inner width=”2\/3″][vc_column_text]<\/p>\n

Secure FortiGate Access with ProID Multifactor Authentication<\/h2>\n

ProID tools provide reliable access security for FortiGate administrative consoles by adding an extra layer of verification. Using a mobile application or a smart card, organizations can easily implement multi-factor authentication (MFA), significantly enhancing protection against unauthorized access. The entire solution is fully compatible with the RADIUS protocol, ensuring quick integration into existing infrastructure and maximizing the security of your authentication processes.[\/vc_column_text][vc_empty_space height=”20″]