Fortinet Patches Critical Zero-Day Authentication Bypass Flaw

Affecting FortiOS and FortiProxy Products

Fortinet has patched an actively exploited zero-day authentication bypass flaw affecting its FortiOS and FortiProxy products, which attackers have been exploiting to gain super-administrative access to devices to conduct nefarious activities, including breaching corporate networks.

Characterization of the Flaw

Fortinet characterized the flaw, rated as critical and tracked as CVE-2024-55591 (CVSS 9.6), as an "authentication bypass using an alternate authentication mechanism". This flaw allows attackers to bypass authentication mechanisms and gain super-administrative access to devices.

Recommendations for Affected Organizations

Organizations using the devices affected by the flaw are advised to follow the appropriate update path or apply the workaround provided by Fortinet. It is recommended to use a non-standard and non-guessable username for admin accounts to offer some protection against the attack.

Attack Vector and Mitigation

However, the company added, since the targeted WebSocket is not itself an authentication point, attackers still have the possibility of brute-forcing the username to exploit the flaw. Therefore, it is essential to implement additional security measures to prevent such attacks.

Additional Information

For more information on the vulnerability and the patch, please visit the following resources:

• Fortinet’s advisory on the vulnerability: CVE-2024-55591
• The Case for Proactive, Scalable Data Protection: https://www.darkreading.com/cloud-security/the-case-for-proactive-scalable-data-protection