Critical FortiGate Firewall Zero-Day Vulnerability: Exploitation Alert and Security Fixes

Jan 15, 2025

Fortinet has recently confirmed the active exploitation of a critical zero-day vulnerability affecting its FortiGate firewall devices. This vulnerability allows unauthorized attackers to gain administrative access, modify configurations, and extract sensitive credentials.

Vulnerability Details

Critical FortiGate Firewall Zero-Day Vulnerability: Exploitation Alert and Security Fixes Summary

The flaw, identified as CVE-2024-55591, is an authentication bypass issue in FortiOS and FortiProxy. It enables remote attackers to obtain super-admin privileges by sending crafted requests to the Node.js websocket module. The affected versions include FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12.

Exploitation in the Wild

Cybersecurity firm Arctic Wolf reported that, since mid-November 2024, threat actors have targeted FortiGate firewalls with exposed management interfaces. The attack sequence involved unauthorized administrative logins, creation of new accounts, SSL VPN authentications, and various configuration changes. The campaign appeared opportunistic, affecting a diverse range of organizations without specific targeting.

Fortinet's Response

Fortinet has released an advisory acknowledging the vulnerability and its exploitation. The company recommends users immediately update to the latest firmware versions to mitigate the risk. Additionally, administrators are advised to disable public access to management interfaces and restrict access to trusted IP addresses.

Recommendations for Users

  1. Update Firmware: Upgrade to FortiOS version 7.0.17 or above, and FortiProxy versions 7.0.20 or above, and 7.2.13 or above.

  2. Restrict Management Access: Disable HTTP/HTTPS administrative interfaces on public networks or limit access to trusted IP addresses.

  3. Monitor for Anomalies: Regularly review logs for unusual login activities, especially those originating from unfamiliar IP addresses.

  4. Implement Strong Access Controls: Ensure that only authorized personnel have administrative access to firewall configurations.

Conclusion

The exploitation of this zero-day vulnerability underscores the importance of maintaining up-to-date systems and implementing robust security measures. Organizations using FortiGate firewalls should act promptly to apply the recommended updates and safeguards to protect their networks from potential breaches.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

Mar 27, 2025

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Mar 12, 2025

Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Feb 25, 2025

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Feb 12, 2025

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Feb 12, 2025

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)
Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)
Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)
Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Feb 11, 2025

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.