Summary: Fortinet has addressed a critical authentication bypass vulnerability (CVE-2024-55591) in its FortiOS firewalls and FortiProxy web gateways, which has been actively exploited by attackers as a zero-day. The vulnerability allows remote attackers to gain super-admin privileges, enabling them to execute unauthorized commands. Organizations are urged to upgrade to patched versions and monitor for indicators of compromise due to the ongoing threat from state-sponsored hackers.
Threat Actor: State-sponsored hackers | state-sponsored hackers
Victim: Fortinet customers | Fortinet customers
Keypoints :
- Exploitation of CVE-2024-55591 allows attackers to gain super-admin privileges without user interaction.
- The attack campaign involved multiple phases, including automated scanning, reconnaissance, account creation, and credential extraction.
- Organizations are advised to limit access to management interfaces and monitor for suspicious activity from VPS hosting IP addresses.