Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
Discription

image
Proof of Concept for CVE-2024-55591 Exploit This script is a Proof of Concept (PoC) designed to test and exploit the CVE-2024-55591 vulnerability in vulnerable versions of FortiOS and FortiProxy. It bypasses authentication on Fortinet devices running vulnerable firmware, potentially allowing unauthorized access to sensitive management interfaces. Warning: This PoC is intended for educational purposes and to demonstrate the exploitability of the CVE. It should only be used in a controlled environment with explicit permission from the target system's owner. Affected Versions FortiOS: v7.0.0 to v7.0.16 FortiProxy: v7.0.0 to v7.0.19, v7.2.0 to v7.2.12 For more information about this vulnerability, refer to the FortiGuard PSIRT advisory. Prerequisites The script requires the following Python libraries to be installed: – requests: A simple HTTP library to make requests to the target system. – urllib3: To handle SSL certificates and HTTP requests securely. You can install these dependencies via pip: bash pip install requests urllib3 Optional: WebSocket & SSL Handling The script handles WebSocket connections for exploitation and optionally uses SSL to connect to the target system. Usage Clone the repository (or copy the script): bash git clone https://github.com/rawtips/CVE-2024-55591.git cd CVE-2024-55591 Run the exploit: bash python3 exploit.py The script will guide you through a series of prompts to gather input: Target IP/Hostname: Enter the IP address or…Read More

Back to Main

Subscribe for the latest news: