skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Fortinet's FortiOS Vulnerability CVE-2024-55591 Discovered

/ 1 min read

🔓 Critical Authentication Bypass Vulnerability Discovered in Fortinet’s FortiOS. A severe zero-day vulnerability, identified as CVE-2024-55591, has been found in Fortinet’s FortiOS and FortiProxy, allowing remote attackers to gain super-admin privileges through crafted requests. The flaw resides in a GUI feature that enables execution of CLI commands, which can be exploited to create unauthorized administrative accounts. Reports indicate that this vulnerability is actively being exploited in the wild, with nearly 50,000 vulnerable instances detected globally. Fortinet has released an advisory urging users to patch affected versions immediately. The vulnerability highlights significant security concerns within Fortinet’s Node.js application, prompting further investigation into additional potential issues. For more details, users are encouraged to refer to Fortinet’s PSIRT advisory.

Source
{entry.data.source.title}
Original