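Related vulnerability
Title:
Fortinet FortiOS and FortiProxy security vulnerability
(CVE-2024-55591)
Description: Fortinet FortiOS and Fortinet FortiProxy are both products of the US company Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. It provides users with multiple security functions such as firewall, antivirus, IPSec/SSL VPN, web content filtering and anti-spam. Fortinet FortiProxy is a secure web proxy that protects employees from network attacks by combining multiple detection techniques such as web filtering, DNS filtering, DLP, antivirus, intrusion prevention and advanced threat protection. FortiProxy helps reduce
Description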
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Introduction
# CVE-2024-55591 PoC
This repository contains a **PoC (Proof of Concept)** for **CVE-2024-55591**, a critical authentication bypass vulnerability discovered in Fortinet's FortiOS and FortiProxy products.
## **Vulnerability Overview**
**CVE-2024-55591** is an **authentication bypass vulnerability** caused by an alternative path or channel (CWE-288). The vulnerability affects FortiOS versions 7.0.0 to 7.0.16 and FortiProxy versions 7.0.0 to 7.0.19 and 7.2.0 to 7.2.12. A remote attacker can exploit this flaw to gain **super-admin privileges** by sending specially crafted requests to the Node.js WebSocket module.
### **Details**
- **Base Score (CVSS):** 9.8 (CRITICAL)
- **NVD Published Date:** 01/14/2025
## **Technical analysis [WIP]**
[Deep dive into CVE-2024-55591.md](https://github.com/virus-or-not/CVE-2024-55591/blob/main/Deep%20dive%20into%20CVE-2024-55591.md)
## Demo
<p align="center">
<img src="https://github.com/user-attachments/assets/035f452d-fc5e-410c-a0da-ddf3ecc0d79f" alt="Usage example">
</p>
## Usage
```text
usage: CVE-2024-55591.py [-h] --target TARGET [--port PORT] --username USERNAME --command COMMAND [--debug]

CVE-2024-55591 exploit by @virus-or-not

options:
  -h, --help           show this help message and exit
  --target TARGET      Target IP address
  --port PORT          Target port (default: 443)
  --username USERNAME  Admin account username
  --command COMMAND    Command to execute
  --debug              Enable debug mode (default: False)
```
## **Affected Versions**
- **FortiOS:** Versions 7.0.0 – 7.0.16
- **FortiProxy:**
  - Versions 7.0.0 – 7.0.19
  - Versions 7.2.0 – 7.2.12
## **Mitigation**
Fortinet has released patches to address this vulnerability. It is strongly recommended to update affected products to the following versions:
- **FortiOS:** Update to version 7.0.17 or higher
- **FortiProxy 7.0:** Update to version 7.0.20 or higher
- **FortiProxy 7.2:** Update to version 7.2.13 or higher
For detailed instructions, refer to the [official Fortinet advisory](https://fortiguard.fortinet.com/psirt/FG-IR-24-535).
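To find which devices still need the update, the affected ranges and fixed versions listed above can be checked against a device inventory. The following is an added example, not code from this repository; the `host,product,version` inventory format, the hostnames and the status labels are assumptions made for illustration.

```python
import re

# Affected ranges and first fixed release, exactly as listed on this page.
# Versions outside these ranges are reported "not-listed", not "safe".
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 16), "7.0.17")],
    "FortiProxy": [((7, 0, 0), (7, 0, 19), "7.0.20"),
                   ((7, 2, 0), (7, 2, 12), "7.2.13")],
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def assess(product, version_text):
    """Return (status, first_fixed_version_or_None) for one device."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        return ("unknown-product", None)
    m = _VERSION.search(version_text)
    if not m:
        return ("unparsed-version", None)
    # Compare as integer tuples: as strings, "7.0.9" sorts after "7.0.16".
    version = tuple(int(part) for part in m.groups())
    for low, high, fixed in ranges:
        if low <= version <= high:
            return ("affected", fixed)
    return ("not-listed", None)

def triage(inventory_text):
    """Parse 'host,product,version' lines into (host, status, fixed) tuples."""
    results = []
    for line in inventory_text.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(",", 2))
        results.append((host, *assess(product, version)))
    return results

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = """
fw-edge-01,FortiOS,v7.0.14
fw-edge-02,FortiOS,7.0.17
fw-lab-03,FortiOS,7.0.9 build0444
fw-old-04,FortiOS,unknown
proxy-01,FortiProxy,7.2.12
proxy-02,FortiProxy,7.0.20
"""

if __name__ == "__main__":
    for host, status, fixed in triage(SAMPLE):
        note = f" -> update to {fixed} or higher" if fixed else ""
        print(f"{host:12} {status}{note}")
```

Devices reported as `unparsed-version` or `unknown-product` need a manual check against the Fortinet advisory.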
## **Purpose of this PoC**
This PoC is created to demonstrate the exploitation mechanism of CVE-2024-55591 for **educational and research purposes only**. Use this code in controlled and authorized environments **only**.
## **Disclaimer**
Exploitation of this vulnerability without proper authorization is illegal and can lead to severe consequences. The author assumes **no liability** for any misuse of this PoC.
## **References**
- [Fortinet Advisory on CVE-2024-55591](https://fortiguard.fortinet.com/psirt/FG-IR-24-535)
- [Tenable Analysis of CVE-2024-55591](https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild)
- [Arctic Wolf: Analysis of Fortinet Exploits](https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/)
File snapshot
[4.0K] /data/pocs/28c9e74fb63d07504d7fb9e0c99d3864a28efff6
├── [5.2K] CVE-2024-55591.py
├── [ 11K] Deep dive into CVE-2024-55591.md
├── [1.0K] LICENSE
└── [2.9K] README.md
0 directories, 4 files