Critical 0-Day Vulnerability in FortiGate: Act Now to Protect Your Network

A critical 0-day vulnerability has been discovered in FortiGate, and it is currently being exploited by attackers to gain unauthorized access to corporate VPNs.

Key Details About the Vulnerability:

Full Device Takeover from the Internet

  • The vulnerability enables attackers to gain super-admin privileges remotely, potentially compromising the entire system.

Active Exploitation in the Wild

  • Real-world attacks exploiting this vulnerability are believed to have started around December 2024.
  • The identity of the threat actor(s) remains unknown.
  • Attackers are leveraging this exploit to:
      • Create new admin accounts
      • Reconfigure firewalls
      • Tunnel malicious traffic into local networks

Affected Versions

  • FortiOS: Versions 7.0.0 to 7.0.16
  • FortiProxy: Versions in the 7.0.x and 7.2.x branches

Critical Severity

  • Designated as CVE-2024-55591, Fortinet rates this vulnerability as critical, with a CVSS score of 9.6/10.
  • Technical description: “Execute unauthorized code or commands”, stemming from an authentication bypass that allows attackers to access super-admin privileges if they can reach the admin login page.

Mitigation Steps

Apply Patches Immediately

  • Ensure that your systems are updated to the latest, secure firmware versions.

Restrict Access to the Web Admin Panel

  • Do not expose the web-based administrative interface of your devices to the internet.

Conduct a Post-Incident Analysis

  • If you have previously exposed the admin panel and were running one of the affected versions, it is critical to perform a thorough forensic analysis to identify any potential breaches.
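
As a starting point for that analysis, the following added example (not part of the original post) triages exported event logs for the attacker actions listed above, dated from December 2024 onward. It assumes a FortiOS-style key=value export with `date`, `time`, `user`, `ui`, `action`, `cfgpath` and `cfgobj` fields; the watched config paths are assumptions, and the sample lines are constructed.

```python
import re
from datetime import date

# Assumed FortiOS config paths for the attacker actions the advisory lists.
WATCHED = {
    "system.admin": "admin account change",
    "firewall.policy": "firewall policy change",
    "vpn.ssl.settings": "SSL VPN settings change",
}
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def triage(lines, since=date(2024, 12, 1), known_admins=frozenset()):
    """Return config-change events on watched paths dated on or after `since`."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        label = WATCHED.get(ev.get("cfgpath"))
        if label is None:
            continue  # not a change to a watched object
        try:
            in_window = date.fromisoformat(ev.get("date", "")) >= since
        except ValueError:
            in_window = True  # undated line: keep it for manual review
        if not in_window:
            continue
        new_admin = (ev["cfgpath"] == "system.admin" and ev.get("action") == "Add"
                     and ev.get("cfgobj") not in known_admins)
        findings.append({
            "when": f'{ev.get("date", "?")} {ev.get("time", "?")}',
            "what": label, "action": ev.get("action"), "object": ev.get("cfgobj"),
            "by": ev.get("user"), "via": ev.get("ui"),
            "priority": "high" if new_admin else "review",
        })
    return findings

# Constructed sample lines (documentation IP ranges, made-up account names).
SAMPLE_LOG = [
    'date=2024-11-20 time=09:01:10 type="event" user="netops" ui="GUI(192.0.2.10)" action="Edit" cfgpath="system.admin" cfgobj="netops"',
    'date=2025-01-10 time=03:12:44 type="event" user="admin" ui="GUI(203.0.113.7)" action="Add" cfgpath="system.admin" cfgobj="svc_backup"',
    'date=2025-01-10 time=03:14:02 type="event" user="svc_backup" ui="GUI(203.0.113.7)" action="Edit" cfgpath="firewall.policy" cfgobj="42"',
    'date=2025-01-11 time=10:00:00 type="traffic" srcip=192.0.2.55 dstip=198.51.100.9 action="accept"',
    'date=2025-01-12 time=14:30:00 type="event" user="netops" ui="GUI(192.0.2.10)" action="Add" cfgpath="system.admin" cfgobj="netops2"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, known_admins={"netops", "netops2"}):
        print(f)
```

Pass your own approved admin names as `known_admins`; any admin account added in the window that is not on that list is marked `high`, and every other change to a watched path is returned for review.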

This vulnerability highlights the critical importance of proactive patch management and minimizing attack surfaces. Cybersecurity is not just about defense—it’s about vigilance. Ensure your teams act swiftly to safeguard your networks and data.

URBlink can take care of your network; feel free to contact us.
