The Download
Despite the release of a critical security patch by Fortinet, approximately 48,457 Fortinet firewall devices remain vulnerable to CVE-2024-55591, an authentication bypass vulnerability actively exploited in the wild. This flaw allows attackers to gain unauthorized super-admin access via crafted requests to the Node.js WebSocket module. Exploiting this vulnerability enables attackers to steal credentials, create unauthorized administrative accounts, and establish SSL VPN tunnels, facilitating lateral movement within compromised networks. Such unauthorized access poses significant risks, including data breaches, deployment of malware, and potential ransomware attacks.
What You Can Do
To mitigate these threats, IT administrators should immediately apply the latest security updates provided by Fortinet for FortiOS and FortiProxy. It's crucial to verify that all devices, especially those with internet-exposed management interfaces, are updated to the patched versions. Administrators should also review device configurations for unauthorized changes, such as unknown administrative accounts or altered SSL VPN settings. Implementing network segmentation can limit an attacker's ability to move laterally within the network. Regular monitoring of system logs and network traffic for unusual activities can aid in early detection of potential intrusions. Additionally, disabling unnecessary management interfaces and enforcing strong, unique passwords for all accounts can further enhance security posture.
Demo ThreatMate today to analyze all your attack surfaces.
To Learn More: