Cybersecurity Threat Advisory: Fortinet zero-day vulnerability

Cybersecurity Threat Advisory

A critical zero-day vulnerability has been found affecting Fortinet FortiOS and FortiProxy devices. This vulnerability enables attackers to bypass authentication and gain privileges. Keep reading this Cybersecurity Threat Advisory for information to keep your environment safe.

What is the threat?

The vulnerability, tracked as CVE-2024-55591, allows attackers to bypass authentication by exploiting a flaw in the Node.js websocket module and gain super-admin access. Once authentication is bypassed, an attacker can reach management interfaces without credentials, create unauthorized accounts, change firewall settings, and set up SSL VPN portals. They can also steal credentials using the DCSync technique and move laterally across the network. The vulnerability affects FortiOS versions 7.0.0 through 7.0.16 (fixed in 7.0.17), FortiProxy versions 7.0.0 through 7.0.19 (fixed in 7.0.20), and FortiProxy versions 7.2.0 through 7.2.12 (fixed in 7.2.13).

Why is it noteworthy?

This vulnerability has a critical severity score of 9.6, with the potential for an entire system takeover. Attackers are using advanced methods such as SSL VPNs for lateral movement and DCSync for credential theft.

What is the exposure or risk?

Attackers can gain full super-admin access to affected devices, allowing them to make unauthorized changes to firewall settings and weaken overall network security. They can also steal credentials and use them to move within an organization’s network and access its systems. Attackers can also set up their own SSL VPNs, giving them access to compromised networks and making their presence even harder to detect and eliminate.

What are the recommendations?

Barracuda recommends the following actions to keep your network environment secured:

  • Upgrade to FortiOS 7.0.17 or later.
  • Upgrade to FortiProxy 7.0.20 or later (or 7.2.13 for the 7.2.x series).
  • Do not expose firewall management interfaces to the public internet.
  • Limit access to trusted users only.
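To turn the version ranges above into a fleet check, the following added example (not Barracuda's or Fortinet's code) flags inventory entries that fall inside the affected FortiOS and FortiProxy ranges stated in this advisory and reports the fixed release for each; the hostnames and inventory rows are constructed, and a branch the advisory does not list (for example FortiOS 7.2.x) is reported as not covered rather than as safe.

```python
"""Check FortiOS / FortiProxy firmware versions against the CVE-2024-55591
affected ranges stated in this advisory. Added example, not Barracuda's or
Fortinet's code; hostnames and the sample inventory are constructed."""
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, ...]

# (product, first affected, last affected, fixed release), per the advisory.
AFFECTED = [
    ("FortiOS",    (7, 0, 0), (7, 0, 16), "7.0.17"),
    ("FortiProxy", (7, 0, 0), (7, 0, 19), "7.0.20"),
    ("FortiProxy", (7, 2, 0), (7, 2, 12), "7.2.13"),
]


def parse_version(text: str) -> Version:
    """'7.0.16' -> (7, 0, 16); tolerates a leading 'v'."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for(product: str, version: str) -> Optional[str]:
    """Return the fixed release if (product, version) lies in an affected
    range from the advisory, else None. None also covers branches the
    advisory does not list: 'not covered here', not 'known safe'."""
    v = parse_version(version)
    for prod, lo, hi, fixed in AFFECTED:
        if prod == product and lo <= v <= hi:
            return fixed
    return None


def devices_needing_upgrade(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """inventory rows: (hostname, product, version).
    Returns [(hostname, product, version, fixed_release), ...]."""
    return [(h, p, ver, fix) for h, p, ver in inventory
            if (fix := fixed_version_for(p, ver)) is not None]


if __name__ == "__main__":
    sample = [  # constructed inventory
        ("fw-edge-01", "FortiOS", "7.0.15"),
        ("fw-edge-02", "FortiOS", "7.0.17"),
        ("proxy-dc-01", "FortiProxy", "7.2.12"),
        ("proxy-dc-02", "FortiProxy", "7.0.20"),
    ]
    for row in devices_needing_upgrade(sample):
        print("UPGRADE %s (%s %s) -> %s" % row)
```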

Reference

For more in-depth information about the threat, please visit the following link:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.