Computer Security News

50,000 Fortinet Firewalls Remain Vulnerable to Critical Zero-Day Exploit

As of January 22, 2025, nearly 50,000 Fortinet firewall devices remain exposed to a critical zero-day vulnerability (CVE-2024-55591) despite urgent warnings and available patches.

The flaw, which has been actively exploited since November 2024, allows attackers to bypass authentication and gain super-admin privileges on affected systems.

CVE-2024-55591 is an authentication bypass vulnerability in Fortinet’s FortiOS and FortiProxy products.

Exploitation involves sending crafted requests to the Node.js WebSocket module, enabling attackers to execute unauthorized commands, create rogue admin accounts, modify firewall policies, and establish VPN tunnels for lateral movement within networks.

The vulnerability has a CVSSv3 score of 9.6, underscoring its severity.

The flaw affects FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. Fixed versions—FortiOS 7.0.17 or higher and FortiProxy 7.2.13 or higher—were released on January 14, 2025.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Cybersecurity researchers have tracked exploitation campaigns leveraging this vulnerability since mid-November 2024. Attackers reportedly conducted phased operations:

  • Vulnerability Scanning: November 16–23, 2024
  • Reconnaissance: November 22–27, 2024
  • SSL VPN Configuration: December 4–7, 2024
  • Lateral Movement: December 16–27, 2024

These campaigns targeted publicly exposed management interfaces of Fortinet firewalls, enabling unauthorized administrative logins and subsequent network infiltration.

Data from the Shadowserver Foundation reveals that over 50,000 devices remain unpatched as of January 21, with significant concentrations in Asia (20,687), North America (12,866), and Europe (7,401). This widespread exposure highlights the slow adoption of critical patches by organizations.

Mitigation and Recommendations

Fortinet has advised users to immediately apply the available patches or implement workarounds if updates cannot be deployed promptly. Recommended actions include:

  1. Upgrade Firmware: Update to FortiOS version 7.0.17 or later and FortiProxy versions 7.2.13 or later.
  2. Restrict Access: Disable HTTP/HTTPS administrative interfaces or limit access to trusted IP addresses using local-in policies.
  3. Monitor Networks: Review indicators of compromise (IoCs), such as unauthorized account creation or changes to firewall configurations.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-55591 to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to patch affected systems by January 21.

Despite the availability of fixes and clear evidence of active exploitation in the wild, many organizations have yet to address this critical vulnerability. Experts warn that delayed action could lead to further compromises, including potential ransomware attacks.

Organizations relying on Fortinet products are urged to prioritize patching efforts and strengthen their cybersecurity posture immediately to mitigate risks associated with this high-severity flaw.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Cybersecurity in Mergers and Acquisitions – CISO Focus

Cybersecurity in mergers and acquisitions is crucial, as M&A activities represent key inflection points for…

2 hours ago

Top Cybersecurity Trends Every CISO Must Watch in 2025

In 2025, cybersecurity trends for CISOs will reflect a landscape that is more dynamic and…

2 hours ago

Zero Trust Architecture – A CISO’s Blueprint for Modern Security

Zero-trust architecture has become essential for securing operations in today’s hyper-connected world, where corporate network…

2 hours ago

Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability

The Chrome team has officially promoted Chrome 136 to the stable channel for Windows, Mac,…

2 hours ago

SecAI Debuts at RSA 2025, Redefining Threat Investigation with AI

By fusing agentic AI and contextual threat intelligence, SecAI transforms investigation from a bottleneck into…

12 hours ago

How Healthcare Providers Investigate And Prevent Cyber Attacks: Real-world Examples

According to IBM Security annual research, "Cost of a Data Breach Report 2024", an average…

13 hours ago