Critical Fortinet's Zero-Day Nightmare: Authentication Bypass Vulnerability Actively Exploited

CVE-2024-55591: Fortinet Authentication Bypass Zero-Day vulnerability

This authentication bypass vulnerability enables unauthenticated remote attackers to achieve super-admin privileges by exploiting a Node.js WebSocket module. Fortinet confirmed active exploitation.

In November 2024, Arctic Wolf researchers detected suspicious activity targeting Fortinet FortiGate firewalls, later linked to CVE-2024-55591. Their analysis revealed a four-phase attack campaign:

1. Scanning
2. Reconnaissance
3. SSL VPN Configuration
4. Lateral Movement

Arctic Wolf’s findings align with indicators of compromise (IoCs) shared by Fortinet.

History

Fortinet has a history of being targeted by advanced persistent threat (APT) actors. Previous vulnerabilities include:

CVE-2024-21762: Out-of-Bound Write in sslvpnd (February 2024)
CVE-2023-27997: Heap-Based Buffer Overflow (June 2023)
CVE-2022-42475: Zero-Day in SSL VPNs (December 2022)
CVE-2022-40684: Authentication Bypass (October 2022)

Proof of Concept
As of now, there are no public proof-of-concept exploits for CVE-2024-55591.

Mitigation

Fortinet's advisory (FG-IR-24-535) provides the following mitigation steps:

Patches

FortiOS 7.0: Upgrade to 7.0.17+
FortiProxy 7.0: Upgrade to 7.0.20+
FortiProxy 7.2: Upgrade to 7.2.13+

Workarounds

Fortinet advises applying IoCs and workaround configurations if immediate patching isn't possible.
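The patch table above is only useful once it is run against an inventory. The following is an added example (not code from Fortinet, Tenable, or this page) that triages a constructed "hostname,product,version,management-interface-exposed" CSV against the fixed versions the page lists. It compares versions numerically rather than as strings (a string comparison ranks "7.0.9" above "7.0.17"), reports any product or branch not in the page's table as "unknown" so that it is checked against the full advisory instead of being treated as safe, and raises the priority for devices whose management interface is exposed, since that exposure is what the Arctic Wolf campaign described on this page targeted. The CSV format, host names and sample versions are assumptions.

```python
# Added example: triage an inventory of Fortinet devices against the fixed
# versions this page lists for CVE-2024-55591. Only the three product/branch
# pairs from the page are in the table; anything else is reported as "unknown"
# so it gets checked against Fortinet's advisory (FG-IR-24-535), not ignored.
from dataclasses import dataclass

# (product, "major.minor" branch) -> first fixed version, taken from the page.
FIXED_VERSIONS = {
    ("FortiOS", "7.0"): (7, 0, 17),
    ("FortiProxy", "7.0"): (7, 0, 20),
    ("FortiProxy", "7.2"): (7, 2, 13),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' into integers.

    Integer tuples compare correctly (7.0.9 < 7.0.17); the raw strings do not
    ('7.0.9' > '7.0.17' lexically), which is a classic inventory-script bug.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(product: str, version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one device."""
    v = parse_version(version)
    branch = f"{v[0]}.{v[1]}"
    fixed = FIXED_VERSIONS.get((product, branch))
    if fixed is None:
        return "unknown"          # not covered by the page's table: review manually
    return "patched" if v >= fixed else "vulnerable"


def prioritise(status: str, mgmt_exposed: bool) -> str:
    """Vulnerable devices with an internet-exposed management interface go first."""
    if status == "vulnerable":
        return "urgent" if mgmt_exposed else "high"
    if status == "unknown":
        return "review"
    return "none"


@dataclass
class Finding:
    host: str
    product: str
    version: str
    status: str    # patched / vulnerable / unknown
    priority: str  # urgent / high / review / none


def triage(inventory: str) -> list[Finding]:
    """Run assess() over 'host,product,version,mgmt_exposed' CSV lines."""
    findings = []
    for raw in inventory.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version, exposed = (f.strip() for f in line.split(","))
        try:
            status = assess(product, version)
        except ValueError:
            status = "unknown"    # unparsable version: surface it, don't drop it
        priority = prioritise(status, exposed.lower() == "yes")
        findings.append(Finding(host, product, version, status, priority))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """
# host,product,version,mgmt_interface_internet_exposed
fw-edge-01,FortiOS,7.0.16,yes
fw-edge-02,FortiOS,7.0.17,yes
fw-branch-03,FortiOS,7.0.9,no
proxy-01,FortiProxy,7.2.13,no
proxy-02,FortiProxy,7.4.2,yes
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_INVENTORY), key=lambda f: f.priority):
        print(f"{f.priority:7} {f.status:10} {f.host:14} {f.product} {f.version}")
```

The "unknown" result is deliberate: the page itself says to refer to Fortinet's advisories for the full list, so a triage script must not turn "not in my table" into "patched".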
Other Vulnerabilities

On January 14, Fortinet addressed additional vulnerabilities:

For a full list, refer to Fortinet's January 14 advisories.

Identifying Affected Systems

Tenable customers can utilize the following tools to detect vulnerabilities:

1. Tenable Plugins: Updated plugins for CVE-2024-55591 can be found on Tenable's CVE page.

2. Tenable Attack Surface Management: This tool identifies public-facing Fortinet assets.

For more information, consult Fortinet's official advisory.

Zero-Day Alert: Fortinet Firewalls Targeted in Suspected Exploits of Exposed Interfaces

Zero-Day Vulnerability Targets Exposed FortiGate Firewalls: Attack Campaign Uncovered

Cybersecurity experts are raising alarms over a new campaign targeting Fortinet FortiGate firewall devices with publicly exposed management interfaces. This sophisticated attack involved unauthorized access to firewall management interfaces, the creation of new accounts, exploitation of SSL VPNs, and various configuration changes, as noted by cybersecurity firm Arctic Wolf in a recent analysis.

Tenable Halts Nessus Agents After Faulty Update Causes Issues

Tenable Disables Nessus Agents After Faulty Update Causes Offline Issues

Tenable has disabled two versions of Nessus scanner agents after identifying a critical issue that caused them to go offline following differential plugin updates. This measure was taken to prevent further disruption to users and ensure agent stability.

FireScam Malware Breakdown: Unmasking Its Infostealer and Spyware Functions

New Android Malware 'FireScam' Poses Serious Threat to User Privacy

A recently discovered Android malware, named FireScam, is raising alarms across the cybersecurity community due to its extensive spying and information-stealing capabilities. According to reports from threat intelligence company Cyfirma, FireScam can collect sensitive data from a wide array of applications, posing significant risks to Android users.

Chinese Hackers Target US Treasury in Critical Cybersecurity Incident

Chinese Hackers Breach US Treasury in Major Cybersecurity Incident

In a concerning cybersecurity breach, Chinese state-sponsored hackers gained unauthorized access to workstations and unclassified documents within the U.S. Treasury Department. The incident occurred after the hackers compromised a cloud-based service operated by BeyondTrust, a vendor responsible for providing remote technical support to the department.

Fake Job Interviews, Real Threats: The Rise of OtterCookie Malware

North Korean Hackers Unleash OtterCookie Malware in Sophisticated Job Scam

North Korean cyber operatives have unveiled a new weapon in their digital arsenal. Dubbed OtterCookie, this JavaScript-based malware is the latest addition to the Contagious Interview campaign, targeting job seekers with cunning precision.

Global Espionage? Chinese Cyber Centre Accuses U.S. of Tech Firm Hacks

U.S. Accused of Cyberattacks and Trade Secret Theft by Chinese Cybersecurity Centre

A Chinese cybersecurity organization has accused the United States of conducting cyberattacks to steal business secrets from a research center and a high-tech data company. The allegations come amidst a U.S. national security investigation into the Chinese router manufacturer TP-Link, further escalating cyber tensions between the two nations.
