CVE-2024-55591

Published Jan 14, 2025

Last updated 5 months ago

Exploit knownCVSS critical 9.8
Fortinet
FortiOS
FortiProxy
VPN

Overview

Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Source
psirt@fortinet.com
NVD status
Analyzed
Products
fortiproxy, fortios

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Exploit added on
Jan 14, 2025
Exploit action due
Jan 21, 2025
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com
CWE-288
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

  1. NightSpire: 150+ victims, 33 countries, first year of operation. Closed non-RaaS group. Go-based payload. Exploiting FortiOS CVE-2024-55591 within days of disclosure. Assessed with medium-high confidence as a Rbfs rebrand. Full profile (Spectral Flux) → https://t.co/ipulCFSOlj

    @IntelFusions

    7 Mar 2026

    4 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. NightSpire ransomware alert: Targeting FortiOS CVE-2024-55591, poisoning OneDrive backups, and hitting healthcare hard. 90+ victims since Feb. Closed group operation = consistent TTPs. IOCs and analysis available for defenders. DM for the full report.

    @0dayTrace

    29 Jan 2026

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Decided to do some work CVE-2024-55591, because the exploits out there are far from a working POC. https://t.co/QdfOcLlryY

    @0x4E0x650x6F

    29 Jan 2026

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. アサヒへのサイバーアタック 攻撃手法がこれ - CVE-2024-21762: sslとvpnの接続でパラメータ不足で侵入されちゃう。(画像左) - CVE-2024-55591: Node.jswebsocketから侵入してスーパーユーザー取得しちゃう(画像右)

    @ksasakibiz

    8 Oct 2025

    269 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  5. 2025年8月時点で、Qilinランサムウェアグループは104被害組織を主張したという報道もありグローバルに被害件数を急拡大させています。Fortinet製品の脆弱性(CVE-2024-21762、CVE-2024-55591等)を悪用して初期侵入する

    @t_nihonmatsu

    7 Oct 2025

    8719 Impressions

    7 Retweets

    32 Likes

    19 Bookmarks

    0 Replies

    0 Quotes

  6. We’ve published our annual lookback research paper on cyber espionage targeting Japan in FY2024 (Apr 2024 ~ Mar 2025). This report also covered the trend of Ivanti CVE-2025-22457, Fortigate CVE-2024-55591 as the specific case studies. https://t.co/MpztFHuMre

    @8th_grey_owl

    15 Jul 2025

    4639 Impressions

    18 Retweets

    51 Likes

    21 Bookmarks

    2 Replies

    0 Quotes

  7. Alleged Sale of Mass Exploit for FortiGate targeting CVE-2024-55591 https://t.co/6oCAVmhi2z

    @freedomhack101

    5 Jul 2025

    112 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨Alleged Sale of Mass Exploit for FortiGate targeting CVE-2024-55591 https://t.co/88USLjCjCo

    @DarkWebInformer

    4 Jul 2025

    10856 Impressions

    12 Retweets

    58 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  9. "Fortinet Under Fire: New Auth Bypass Bug Actively Exploited (CVE-2024-55591)" by Sharon #DEVCommunity #SafeLine #vulnerabilities #cybersecurity https://t.co/xTPt36111I

    @Sharon18866

    24 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. ⚠️ Critical alert for Fortinet users! CVE-2024-55591 allows attackers to gain admin control without credentials. Patch your FortiOS/FortiProxy ASAP to avoid exploitation. Don't be vulnerable! 🚨 #Fortinet #CyberSecurity #PatchNow @Sharon https://t.co/QwZwCqRdSP

    @prod42net

    24 Jun 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨CVE-2024-55591: Fortinet FortiOS Authentication Bypass ZoomEye Link: https://t.co/KHvDBL8feJ ZoomEye Dork: app="Fortinet Firewall" Results: 5,320,990 Advisory: https://t.co/fA1d9WepGp PoC: https://t.co/iy5hvuPVCt CVSS: 9.8 https://t.co/eDKORfPNRK

    @TheMsterDoctor1

    17 Jun 2025

    1163 Impressions

    3 Retweets

    10 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨CVE-2024-55591: Fortinet FortiOS Authentication Bypass ZoomEye Link: https://t.co/dCnJAPVshB ZoomEye Dork: app="Fortinet Firewall" Results: 5,320,990 Advisory: https://t.co/9ljTwds7VA PoC: https://t.co/pC94Vb0ljR CVSS: 9.8 https://t.co/3W8N7H4UZI

    @DarkWebInformer

    17 Jun 2025

    24441 Impressions

    80 Retweets

    308 Likes

    172 Bookmarks

    2 Replies

    1 Quote

  13. SuperBlack exploits CVE-2024-55591 and CVE-2025-24472 in Fortinet systems. AI ShieldNet uses behavioral AI to detect and stop zero-day attacks like this. Website: https://t.co/eeFYunNtwv #Cybersecurity #AIShieldNet #prosfinity https://t.co/Du0dl8F8rR

    @prosfinity

    10 Jun 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Fortinet vulnerabilities exploited by Qilin ransomware The Qilin ransomware group (aka Phantom Mantis) is exploiting Fortinet vulnerabilities, including CVE-2024-21762 and CVE-2024-55591, to gain remote code execution and access internal networks. Active since 2022, Qilin uses h

    @dCypherIO

    9 Jun 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Fortinetの脆弱性(CVE-2024-21762,CVE-2024-55591)を悪用したサイバー攻撃が拡大中 https://t.co/RHJEikMHX9

    @AileenWoodstock

    8 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Fortinetの脆弱性(CVE-2024-21762,CVE-2024-55591)を悪用したサイバー攻撃が拡大中 #セキュリティ対策Lab #セキュリティ #Security https://t.co/GgalfSU2bM

    @securityLab_jp

    8 Jun 2025

    46 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. フォーティネットの重大(Critical)な脆弱性をQilinランサムウェア集団が悪用している。PRODAFT社報告。中程度の信頼度で、CVE-2024-21762やCVE-2024-55591等を悪用。 https://t.co/XScMoF8cu2

    @__kokumoto

    7 Jun 2025

    1938 Impressions

    2 Retweets

    22 Likes

    9 Bookmarks

    0 Replies

    1 Quote

  18. 🚨مجموعة الفدية Qilin تقوم حاليًا باستغلالٍ نشط لثغرات أمنية حرجة في أنظمة Fortigate (مثل CVE-2024-21762 و CVE-2024-55591)، في هجماتٍ مؤتمتة بالكامل، باستثناء اختيار الضحايا

    @xabdul

    6 Jun 2025

    594 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  19. 🚨 Threat actors are actively exploiting Fortigate vulnerabilities (CVE-2024-21762, CVE-2024-55591, and others) to deploy Qilin ransomware. The attack is fully automated, with only victim selection done manually. Details in our flash alert on CATALYST: https://t.co/BDjEX2KqqO

    @PRODAFT

    6 Jun 2025

    5542 Impressions

    16 Retweets

    33 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 Fortinet zero-day (CVE-2024-55591) is under attack! Replace vulnerable firewalls with WEBOUNCER by https://t.co/YvUrFmPcXS for cutting-edge network security. 🔐 Upgrade now: https://t.co/YzmadoBshH #Cybersecurity #FortinetAlternative https://t.co/gqTFygakmX

    @BrainLabVisions

    23 May 2025

    40 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. (🧵Thread) 🚨 Spike in Fortinet CVE-2024-55591 Vulnerability Rapidly Increased in the past Week The CrowdSec Network has detected a wave of exploitation attempts targeting CVE-2024-55591, a Fortinet vulnerability that affects FortiWAN versions before 5.3.2. First seen on Apr

    @Crowd_Security

    19 May 2025

    321 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. 注意喚起: Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起 (更新) https://t.co/RjF8IkgZ6M

    @AileenWoodstock

    15 May 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 統合版 JPCERT/CC | 注意喚起: Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起 (更新) https://t.co/XhpyuYiDAz #itsec_jp

    @itsec_jp

    15 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. FotiOS、super-admin権限を奪取される脆弱性(CVE-2024-55591)を狙う攻撃は日本でも発生。 へーしゃは1月に対応済みです。 https://t.co/el9P6yEFNe

    @MrGensui56

    12 May 2025

    172 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  25. 更新:Fortinet 製 FortiOS の脆弱性対策について(CVE-2024-55591) [https://t.co/l2C5bfTI5Z]

    @securenews_web

    12 May 2025

    491 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 更新:Fortinet 製 FortiOS の脆弱性対策について(CVE-2024-55591) https://t.co/bGSAFUoQ2w

    @ICATalerts

    12 May 2025

    3091 Impressions

    2 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    2 Quotes

  27. Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起 #JPCERTCC (May 9) https://t.co/Ste0O8fwQk

    @foxbook

    11 May 2025

    774 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起 2025年5月9日更新 https://t.co/oqVBr5IhDq

    @piyokango

    9 May 2025

    4449 Impressions

    2 Retweets

    8 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  29. Fortinetの脆弱性(CVE-2024-55591,CVE-2025-24472)を狙うサイバー攻撃が国内でも発生-JPCERTが警告 #セキュリティ対策Lab #セキュリティ #Security https://t.co/K2LlhH44nA

    @securityLab_jp

    9 May 2025

    68 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  30. 🚨Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起 🗓️2025-05-09 https://t.co/Qfkj2ZmnOC @jpcert

    @m_nakamura_jp

    9 May 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起 https://t.co/QravAHIj7o @jpcert

    @hashiken_com

    9 May 2025

    53 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 【更新】Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起を更新。2025年3月以降に国内で発生したインシデントにおいて、本脆弱性が悪用された事例があることを確認し

    @jpcert

    9 May 2025

    4578 Impressions

    12 Retweets

    23 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  33. 注意喚起: Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起 (更新) https://t.co/t3WywYY9x1

    @AileenWoodstock

    9 May 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 統合版 JPCERT/CC | 注意喚起: Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)に関する注意喚起 (更新) https://t.co/BKWOqtbKYx #itsec_jp

    @itsec_jp

    9 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Actively exploited CVE : CVE-2024-55591

    @transilienceai

    22 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. 🚨 New research alert! 🇯🇵 A KeyPlug-linked server briefly exposed Fortinet exploits, a custom webshell, and recon scripts aimed at a major Japanese company. https://t.co/30805UtWdC The Fortinet tooling aligns with CVE-2024-55591, and the recon activity points to interest in

    @Huntio

    17 Apr 2025

    1431 Impressions

    10 Retweets

    25 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 CVE-2024-55591 - critical 🚨 Fortinet Authentication Bypass > Fortinet FortiOS is vulnerable to an information disclosure via service-worker.js tha... 👾 https://t.co/1LyudOh9mW @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    8 Apr 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Sorry, I was so absorbed with fresh RansomHub IR this evening that I completely forgot about the KQL query of the day ... It'll be back tomorrow! PS: Have you patched for CVE-2024-55591 yet? Don't expose your Admin interface on the Internet too. I'm happy you do, but you won't

    @SecurityAura

    28 Mar 2025

    672 Impressions

    1 Retweet

    9 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  39. Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591 https://t.co/YpA4sWbGgD

    @pentest_swissky

    26 Mar 2025

    1691 Impressions

    8 Retweets

    20 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  40. Honestly, if you didn't patch your FortiGate (FortiOS) for CVE-2024-55591, you'll get a visit from RansomHub. It's just a matter of time, it may have already happened. Make sure to review ALL the accounts on your FortiGates and admin actions even if it's patched, just sayin'.

    @SecurityAura

    25 Mar 2025

    5319 Impressions

    15 Retweets

    63 Likes

    21 Bookmarks

    2 Replies

    1 Quote

  41. 🚨 Fortinet has patched critical vulnerabilities (NCSC-2025-0082) in FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb. Exploited in ransomware attacks, this flaw allows unauthorized code execution. Patch now! #CVE-2024-55591 #CVE-2025-24472 https://t.co/tPrTnAvPap

    @RedTeamNewsBlog

    24 Mar 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. به تازگی باج افزاری به نام Mora_001 منتشر شده است که از ۲ آسیب پذیدی مربوط به Fortinet با کدهای شناسایی CVE-2024-55591 و CVE-2024-55591 برای گرفتن دسترسی اولیه و سپس رمز نگاری فایل ها استفاده می کند. https://t.co/Poz3aKY03t https://t.co/81F1TvyNgl

    @AmirHossein_sec

    22 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild https://t.co/JKP7iKm1cw https://t.co/wLVCa5eRyG

    @dansantanna

    22 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. FortiOS, FotiProxyの脆弱性の悪用が確認されているとのこと。 CVE-2025-24472 CVE-2024-55591 Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns - Infosecurity Magazine https://t.co/w3vcJozVFT

    @ntsuji

    21 Mar 2025

    6448 Impressions

    30 Retweets

    69 Likes

    18 Bookmarks

    2 Replies

    1 Quote

  45. Ransomware Alert! Fortinet Under Siege: New ransomware gang SuperBlack exploits CVE-2024-55591 & CVE-2025-24472! CVE-2024-55591 – An Authentication bypass vulnerability affecting Fortinet's FortiOS and FortiProxy products. This flaw allows remote attackers to gain super-adm

    @Loginsoft_Inc

    19 Mar 2025

    79 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Actively exploited CVE : CVE-2024-55591

    @transilienceai

    17 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  47. 🚨 Hackers linked to LockBit are exploiting Fortinet firewall vulnerabilities (CVE-2024-55591 & CVE-2025-24472) to deploy the SuperBlack ransomware. 🔹 Data is exfiltrated before encryption 🔹 Strong ties to LockBit 3.0 ransomware 🔹 Unpatched orgs remain at risk 📌 Patch NOW

    @the_aryanmittal

    17 Mar 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. New ransomware group Mora_001 is exploiting Fortinet vulnerabilities (CVE-2024-55591, CVE-2025-24472), linked to LockBit. Affected devices may face threats if not patched. 🚨 #Fortinet #Ransomware #USA link: https://t.co/ddxsXkSqYa https://t.co/Sbhk3dsM1c

    @TweetThreatNews

    17 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  49. به تازگی باج افزاری به نام Mora_001 منتشر شده است که از ۲ آسیب پذیدی مربوط به Fortinet با کدهای شناسایی CVE-2024-55591 و CVE-2024-55591 برای گرفتن دسترسی اولیه و سپس رمز نگاری فایل ها استفاده می کند.

    @cybernetic_cy

    17 Mar 2025

    93 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Actively exploited CVE : CVE-2024-55591

    @transilienceai

    17 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.CVE-2026-22153
  2. An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.CVE-2025-68686
  3. A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.CVE-2025-64157
  4. An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted headerCVE-2025-55018
  5. Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityCVE-2026-1281

References

Sources include official advisories and independent security research.