Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
Discription

image
ScaryByte R&D PoC for CVE-2024-55591 A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices. This script: Installs Missing Dependencies automatically Optionally Scans a target host for open ports using nmap Performs Pre-flight Checks to ensure the service is a Fortinet device and is vulnerable Exploits the WebSocket interface to hijack a Telnet-like CLI session Runs an Initial or Multiple Commands post-exploit Checks the Device Version against known vulnerable ranges from Fortinet PSIRT FG-IR-24-535 Table of Contents Vulnerability Summary Affected Versions Pre-Requisites Usage 1. Clone & Install 2. Run the Script 3. Follow the Wizard Features Automatic Dependency Installation Optional Nmap SYN Scanning Multi-Port Testing Post-Exploitation Commands Version Parsing and Vulnerability Check Example Walkthrough 1. Initial Wizard Prompts 2. Nmap Results & Port Selection 3. Exploitation Flow 4. Post-Exploitation Flow Disclaimer Vulnerability Summary CVE-2024-55591 is a critical authentication bypass in certain Fortinet products (FortiOS & FortiProxy). By exploiting a flaw in the WebSocket/Telnet management interface, an attacker can gain privileged CLI access without valid credentials. Affected Versions According to the Fortinet PSIRT Advisory (FG-IR-24-535), the following versions are known to be affected: FortiOS: 7.0.0 to 7.0.16 FortiProxy: 7.0.0…Read More

Back to Main

Subscribe for the latest news: