menu
close
close

Follow us

Social Media
Social Media
Social Media
Social Media
Social Media

Experienced a potential cyberattack or suspicious activity?

What are you looking for?
close
    home icon for breadcrumb
  1. Home
  2. Stay Alert
  3. All Threats
  4. Critical Vulnerability in FortiOS and FortiProxy
  • published 1/21/25 6:03 AM
  • updated 15 January 2025
  • 3 min Read

Critical Vulnerability in FortiOS and FortiProxy

Alert Rating

Critical

Audience

Corporations, Government

On this page

Critical Vulnerability in FortiOS and FortiProxy

Fortinet has identified a severe vulnerability in FortiOS and FortiProxy that allows unauthenticated remote attackers to bypass authentication mechanisms and gain “super-admin” privileges.

This critical flaw has been actively exploited in the wild. Fortinet has observed threat actors performing malicious post-exploitation activities, including the creation of random administrative and local user accounts, modification of system configurations (e.g., firewall policies), and the use of SSL VPN for unauthorized access to internal network.

 

  • CVE Identifier: CVE-2024-55591
  • Severity: CVSSv3 Score    9.6 Critical
  • Vulnerability Type: Authentication Bypass (CWE-288)
  • Impact: Remote unauthenticated attackers can gain super-admin access to FortiOS and FortiProxy devices.

 

Affected Versions

  • FortiOS 7.0.0 through 7.0.16
  • FortiProxy 7.0.0 through 7.0.19
  • FortiProxy 7.2.0 through 7.2.12

 

Fixed Versions

  • FortiOS 7.0: Upgrade to 7.0.17 or above
  • FortiProxy 7.0: Upgrade to 7.0.20 or above
  • FortiProxy 7.2: Upgrade to 7.2.13 or above
     

Attachments

Critical Vulnerability in FortiOS and FortiProxy.pdf

0.23 MB

Take Action

Protect yourself
  • Upgrade affected versions of FortiOS and FortiProxy to fixed versions immediately.
  • Monitor systems for indicators of compromise and Conduct a thorough security assessment of potentially affected systems.
     

Attachments

Stay Connected

Follow our channels
Follow our social media channels to stay up to date.
Social Icon Social Icon Social Icon Social Icon Social Icon

Take Action

Spread Awareness

Share this threat to raise awareness and help others stay alert

GET INVOLVED

Make a Difference
Get involved with CSC and play a part in safeguarding the UAE's digital landscape.

Other Threats

20 January 2025

Alert rating

Critical

Critical Vulnerability in F5 Traffix SDC

A critical vulnerability has been discovered in F5 Traffix SDC, linked to Apache Tomcat, which could allow attackers to gain unauthorized access to compromised systems.

Protecting

Corporations, Government

share share

17 January 2025

Alert rating

High

Security Updates - NVIDIA

NVIDIA has released security updates to address multiple vulnerabilities in the NVIDIA Container Toolkit and NVIDIA GPU Operator.

Protecting

Corporations, Government

share share

16 January 2025

Alert rating

Critical

Critical Vulnerability in FortiSwitch Devices

A critical vulnerability (CVE-2023-37936) has been discovered in multiple versions of Fortinet FortiSwitch devices. This vulnerability, classified as a use of hard-coded cryptographic key [CWE-321], allows a remote unauthenticated attacker in possession of the key to execute unauthorized code via crafted cryptographic request.

Protecting

Corporations, Government

share share
Report an Incident
Get Involved

Follow us

Social Media
Social Media
Social Media
Social Media
Social Media

© 2025 CYBER SECURITY COUNCIL UAE. All rights reserved.

Privacy Policy Terms & Conditions