← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-55591 — Actively Exploited: FortiOS and FortiProxy (Fortinet)

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

CVE IDCVE-2024-55591
VendorFortinet
ProductFortiOS and FortiProxy
Vulnerability nameFortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Date added2025-01-14
Remediation due2025-01-21
Known ransomware useKnown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionFortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →