Summary: Fortinet has patched a critical zero-day authentication bypass vulnerability in its FortiOS and FortiProxy products, tracked as CVE-2024-55591. The flaw allowed attackers to gain super-admin access, leading to unauthorized configuration changes and potential breaches of corporate networks. Users are advised to follow Fortinet’s upgrade recommendations to mitigate the risks associated with this vulnerability.
Affected: Fortinet FortiOS and FortiProxy products
Key points:
- Vulnerability allows remote attackers to gain super-admin privileges via crafted requests.
- Exploits enable actions such as creating unauthorized admin accounts and modifying firewall settings.
- Mitigation strategies include following recommended upgrades and using strong, non-guessable usernames for admin accounts.