PoC details: dc3b826163803e1e398e5f236e6025720a467d35

Source
Related vulnerability
Title: Fortinet FortiOS and FortiProxy security vulnerability (CVE-2024-55591)
Description: Fortinet FortiOS and Fortinet FortiProxy are both products of the US company Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform; it provides firewall, antivirus, IPsec/SSL VPN, web content filtering, anti-spam and other security functions. Fortinet FortiProxy is a secure web proxy that protects employees from network attacks by combining several detection techniques, such as web filtering, DNS filtering, DLP, antivirus, intrusion prevention and advanced threat protection. FortiProxy helps reduce
Description
PoC for CVE-2024-55591 authentication bypass. Affects: FortiOS 7.0.0 to 7.0.16, FortiProxy 7.0.0 to 7.0.19, FortiProxy 7.2.0 to 7.2.12
Introduction
# Proof of Concept for CVE-2024-55591 Exploit

This script is a **Proof of Concept (PoC)** designed to test and exploit the **CVE-2024-55591** vulnerability in vulnerable versions of **FortiOS** and **FortiProxy**. It bypasses authentication on Fortinet devices running vulnerable firmware, potentially allowing unauthorized access to sensitive management interfaces.

**Warning**: This PoC is intended for educational purposes and to demonstrate the exploitability of the CVE. It should only be used in a controlled environment with explicit permission from the target system's owner.

## Affected Versions
- **FortiOS**: v7.0.0 to v7.0.16
- **FortiProxy**: v7.0.0 to v7.0.19, v7.2.0 to v7.2.12

For more information about this vulnerability, refer to the [FortiGuard PSIRT advisory](https://fortiguard.fortinet.com/psirt/FG-IR-24-535).
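The version ranges above are the one thing a defender needs from this page. As an added example that is not part of the repository, the following inventory check flags FortiOS and FortiProxy builds that fall inside the listed ranges so affected devices can be prioritised for patching; the product names, hostnames and build strings in the sample inventory are constructed, and the ranges are taken only from the README text.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges, taken verbatim from the README / FG-IR-24-535.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS": [((7, 0, 0), (7, 0, 16))],
    "FortiProxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """'v7.0.16', '7.0.16' or '7.0.16 build0667' -> (7, 0, 16); None if unparsable."""
    m = _VERSION_RE.match(text.strip())
    return (int(m[1]), int(m[2]), int(m[3])) if m else None


def is_affected(product: str, version_text: str) -> Optional[bool]:
    """True inside an affected range, False outside it, None if the product is
    not covered by the advisory or the version string cannot be parsed."""
    ranges = AFFECTED.get(product)
    ver = parse_version(version_text)
    if ranges is None or ver is None:
        return None
    return any(lo <= ver <= hi for lo, hi in ranges)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Map each (hostname, product, version) row to (hostname, verdict)."""
    verdicts = {True: "AFFECTED", False: "not affected", None: "unknown"}
    return [(host, verdicts[is_affected(prod, ver)]) for host, prod, ver in inventory]


# Constructed sample inventory: hostnames and build strings are made up.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.16 build0667"),   # last build in the 7.0 range
    ("fw-edge-02", "FortiOS", "7.0.17"),              # just outside the 7.0 range
    ("fw-core-01", "FortiOS", "7.2.10"),              # FortiOS 7.2 is not listed
    ("proxy-01", "FortiProxy", "7.2.12"),             # last build in the 7.2 range
    ("proxy-02", "FortiProxy", "7.2.13"),             # just outside the 7.2 range
    ("legacy-01", "FortiOS", "unknown"),              # needs manual follow-up
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {verdict}")
```

Rows that come back `unknown` still need a manual look, since an unparsable version string says nothing about exposure.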

## Prerequisites

The script requires the following Python libraries to be installed:
- **requests**: A simple HTTP library to make requests to the target system.
- **urllib3**: To handle SSL certificates and HTTP requests securely.

You can install these dependencies via `pip`:

```bash
pip install requests urllib3
```

### Optional: WebSocket & SSL Handling
The script handles WebSocket connections for exploitation and optionally uses SSL to connect to the target system.

## Usage

1. **Clone the repository** (or copy the script):
   
   ```bash
   git clone https://github.com/rawtips/CVE-2024-55591.git
   cd CVE-2024-55591
   ```

2. **Run the exploit**:

   ```bash
   python3 exploit.py
   ```

3. The script will guide you through a series of prompts to gather input:
   - **Target IP/Hostname**: Enter the IP address or hostname of the target system.
   - **Port**: Enter the port to connect to (usually the management port, e.g. `443` for SSL).
   - **SSL Option**: Choose whether to use SSL (recommended for secure connections).
   - **Command Selection**: Choose an initial command to run on the target system after successful exploitation (e.g., `get system info`, `execute reboot`).
   - **Post-Exploitation**: Optionally run additional commands (e.g., diagnostic tools, shell access).

4. **Exploitation Process**:
   - The script will attempt to connect to the target system's management interface and exploit CVE-2024-55591 by bypassing the login mechanism.
   - Once connected, it will send the initial command and, if desired, execute post-exploitation commands.

## How It Works

1. **Pre-flight Checks**:
   - The script will check if the target system is running a vulnerable version of FortiOS or FortiProxy on the specified port.
   - If it detects the target system and verifies it's running the vulnerable software version, it proceeds with the exploitation.

2. **WebSocket Connection**:
   - After the pre-flight check, the script establishes a WebSocket connection to the management interface.

3. **Exploitation**:
   - Once connected, the script sends the required login context and then sends a predefined or custom command (such as `get system info`) to the target.

4. **Post-Exploitation**:
   - If post-exploitation is enabled, the script will run additional commands on the target system to gather further information or provide shell access.

## Notes

- **Legal Warning**: You must have permission to test and exploit the target system. Unauthorized access or actions may be illegal and unethical.
- **Intended Use**: This PoC is for educational purposes only and should only be used in a safe, controlled environment.
- **Target Systems**: This PoC is intended for FortiOS and FortiProxy systems running the affected versions listed above. It will not work on patched or updated systems.

File snapshot

[4.0K] /data/pocs/dc3b826163803e1e398e5f236e6025720a467d35
├── [ 15K] exploit.py
└── [3.6K] README.md

0 directories, 2 files