关联漏洞
标题:
Fortinet FortiOS和FortiProxy 安全漏洞
(CVE-2024-55591)
描述:Fortinet FortiOS和Fortinet FortiProxy都是美国飞塔(Fortinet)公司的产品。Fortinet FortiOS是一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。Fortinet FortiProxy是一种安全的网络代理,通过结合多种检测技术,如Web过滤、DNS过滤、DLP、反病毒、入侵防御和高级威胁保护,可以保护员工免受网络攻击。FortiProxy有助于减
描述
CVE-2024-55591 Opening CMD (Command Line Interface), Creating a Superuser, and Managing VPN Groups
介绍
# CVE-2024-55591
### If you're reading this, you most likely know what we're talking about.
[DOWNLOAD](https://satoshidisk.com/pay/CNVBUk)
# Vulnerability Scanner
## Description
This script attempts to create a WebSocket connection at a random URI from a pre-authenticated perspective to the FortiOS management interface, and reviews the response to determine if the instance is VULNERABLE.
### Checks the file with ip addresses for vulnerability
## USEAGE
Checks your text document with ip addresses for vulnerabilities
```python check.py --file ips.txt --port 443```
# poc.py
## Description
Use this poc, you can bypass authentication and see system log.
## USAGE
```python3 poc.py [-h] --target TARGET [--port PORT]```
# ADMIN CREATION
## Description
Use this exp, you can Сreates administrator, adding an administrator to a VPN group.
## USEAGE
Set the required IP Address in the code before startup.
```python3 adadmin.py```
# CMD
## Description
Use this exp, you can bypass authentication and run cmd.
## USEAGE
```exp.py [-h] --target TARGET [--port PORT] [--username USERNAME] [--cmd CMD]```
## Affected Versions
-FortiOS 7.0.0 through 7.0.16
-FortiProxy 7.0.0 through 7.0.19
-FortiProxy 7.2.0 through 7.2.12
[More details](https://www.fortiguard.com/psirt/FG-IR-24-535)
[DOWNLOAD](https://satoshidisk.com/pay/CNVBUk)
文件快照
[4.0K] /data/pocs/a2f5ff10c5cd8a24f9e52e8ed8b7acbe14adf8b0
├── [5.5K] check.py
├── [7.9K] poc.py
└── [1.5K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。