About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability. A critical flaw allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected systems include Fortinet devices running FortiOS (e.g., FortiGate NGFW) and FortiProxy. On January 10, Arctic Wolf reported attacks on Fortinet devices that began in November 2024. Attackers create accounts with random names, modify device settings, and gain access to internal systems. The vendor advisory was published on January 14. The vulnerability was added to the CISA KEV. A public exploit has been available on GitHub since January 21. As of January 26, Shadow Server reports around 45,000 vulnerable devices accessible from the Internet. The vendor recommends updating FortiOS and FortiProxy to secure versions and restricting or disabling administrative HTTP/HTTPS interfaces. На…Read More