Businesses Alerted to Critical Fortinet Vulnerability CVE-2024-55591
Fortinet, a major player in network security, has confirmed another active exploitation of a critical vulnerability (CVE-2024-55591) in its FortiOS and FortiProxy systems. The flaw, given a severity score of 9.6 out of 10, poses a significant risk to organizations worldwide. The exploit may allow remote attackers to gain super-admin privileges through specially crafted requests targeting the Node.js websocket module.
Widespread Exploitation Likely
The Fortinet Vulnerability CVE-2024-55591 affects FortiGate firewall devices running FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19, as well as versions 7.2.0 through 7.2.12. Cybersecurity researchers from Arctic Wolf have noted unusual activity on FortiGate devices since early December, flagging a high probability of widespread and coordinated exploitation.
The critical nature of this bug arises from its potential to bypass authentication mechanisms entirely, granting attackers super-admin access. Once inside, hackers can gain deep and unrestricted control over systems, opening the door to data theft, service outages, and broader breaches across connected networks.
Fortinet’s Response
Fortinet has issued an advisory urging affected customers to apply patches immediately and enable monitoring for anomalous activity. The company has emphasized the high levels of maintenance work that comes with their products and the need for “timely patching practices” as a critical step in mitigating the Fortinet Vulnerability CVE-2024-55591 risk.
There is no “set it and forget it” SaaS type offering with Fortinet, a high level of alertness is needed. “We are proactively working with customers to provide solutions and guidance,” Fortinet stated, highlighting its efforts to educate users about implementing appropriate mitigations. Despite these immediate actions, concerns remain regarding the inherent risk levels of devices exposed to the internet.
Why This Matters
With VPN solutions like FortiGate positioned as the first line of defense for many enterprises, weaknesses in their systems have elevated them to prime targets for attackers. Forescout’s vice president of research, Elisa Costante, notes that firewalls and VPNs connected directly to the internet are particularly attractive vulnerabilities. Gaining access to one of these devices provides a hacker with a critical foothold into the broader organizational IT ecosystem.
The rising number of exploits targeting Fortinet devices highlights the urgent need for businesses to adopt more robust and secure solutions to safeguard their infrastructure. Cloudbrink’s Personal SASE ZTNA offers a compelling alternative, eliminating the need for open ports and leveraging automated moving target defense to outsmart potential attackers.
Exploring Options
Organizations affected by the Fortinet Vulnerability CVE-2024-55591 —or those seeking to future-proof their network security—are considering alternative solutions to bolster their defenses against these types of devastating exploits.
For readers interested in a deeper examination of how to address these challenges with forward-thinking technologies, a detailed blog post offers insights into alternatives like Cloudbrink Personal SASE. Learn about how it addresses key enterprise security concerns while providing enhanced performance and simplified management.
