Summary: A critical zero-day vulnerability (CVE-2024-55591) in Fortinet's FortiOS and FortiProxy products has been disclosed and is being exploited in the wild, putting enterprise network perimeters at risk. The flaw, rated CVSS 9.8, is an authentication bypass in the administrative web interface that lets an unauthenticated remote attacker obtain super-admin privileges through crafted requests to the Node.js websocket module; observed intrusions have used that access to create rogue administrative accounts and modify firewall policies as a foothold for further attacks. CISA has added the bug to its Known Exploited Vulnerabilities catalog and requires federal agencies to patch affected systems by January 21, 2025.
Affected: Fortinet's FortiOS and FortiProxy products (specific versions listed below)
Key points:
- Affected versions are FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12. Upgrade to FortiOS 7.0.17, FortiProxy 7.0.20 or FortiProxy 7.2.13 (or later); later release trains (FortiOS 7.2 and above, FortiProxy 7.4 and above) are not listed as affected.
- Successful exploitation gives the attacker super-admin access, which has been used to create unauthorized administrator accounts, change firewall policies and alter other sensitive configuration. Review recent admin-account additions and policy changes you did not make, and until the upgrade is applied, disable the HTTP/HTTPS administrative interface or restrict it to trusted source addresses with local-in policies.
- CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline of January 21, 2025 for federal agencies; other organizations should treat that deadline as a floor, not a target.
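Two checks a responder would run against the points above, written as an added example (not Fortinet tooling and not code from the original page): a version test against the affected ranges, and a triage pass over FortiGate-style event logs that flags new administrator accounts and firewall policy changes. The log lines are constructed to resemble FortiGate key=value event logs and are not real captures; the matching rules are this example's own heuristic, not a Fortinet-published signature.

```python
"""Version and log triage for CVE-2024-55591 (FortiOS / FortiProxy).

Added example. Affected ranges are those listed in the key points above;
sample log lines are constructed, not captured from a real device.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected version ranges from the advisory, inclusive on both ends.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS": [((7, 0, 0), (7, 0, 16))],
    "FortiProxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}

VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Version]:
    """Pull major.minor.patch out of a version string such as the
    'Version: FortiGate-100F v7.0.16,build0667,241102 (GA.M)' line that
    `get system status` prints. Returns None when no version is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(product: str, version_text: str) -> bool:
    """True when the parsed version falls inside an affected range.
    Unknown products and unparseable versions raise rather than silently
    reporting 'not affected'."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product {product!r}")
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no version found in {version_text!r}")
    return any(lo <= v <= hi for lo, hi in AFFECTED[product])


# FortiGate event logs are space-separated key=value pairs; values with
# spaces or punctuation are double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Parse one key=value / key="quoted value" log line into a dict."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def triage_admin_changes(lines: List[str]) -> List[Dict[str, Optional[str]]]:
    """Flag configuration events matching the post-exploitation behaviour
    described above. Field names (cfgpath, action, cfgobj, user, ui, srcip)
    are standard FortiGate config-change fields; which combinations count
    as suspicious is this example's heuristic (assumption), tune it."""
    findings = []
    for line in lines:
        f = parse_fortigate_log(line)
        path = f.get("cfgpath", "")
        if path == "system.admin" and f.get("action") == "Add":
            reason = "new admin account"
        elif path.startswith("firewall.policy"):
            reason = "firewall policy change"
        else:
            continue
        findings.append({
            "reason": reason,
            "object": f.get("cfgobj"),
            "user": f.get("user"),
            "ui": f.get("ui"),
            "srcip": f.get("srcip"),
        })
    return findings


# Constructed sample lines (not real device output).
SAMPLE_LOGS = [
    'date=2025-01-15 time=10:02:11 type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="netops" ui="https(10.0.0.5)" srcip=10.0.0.5 msg="Administrator netops logged in successfully from https(10.0.0.5)"',
    'date=2025-01-15 time=10:03:40 type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.7)" action="Add" cfgtid=1234 cfgpath="system.admin" cfgobj="svc_backup" cfgattr="password[*]accprofile[super_admin]vdom[root]" msg="Add system.admin svc_backup"',
    'date=2025-01-15 time=10:05:02 type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="svc_backup" ui="https(203.0.113.7)" action="Edit" cfgtid=1235 cfgpath="firewall.policy" cfgobj="12" cfgattr="action[accept]" msg="Edit firewall.policy 12"',
    'date=2025-01-15 time=10:06:30 type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="netops" ui="https(10.0.0.5)" action="Edit" cfgtid=1236 cfgpath="system.interface" cfgobj="port3" cfgattr="alias[lan]" msg="Edit system.interface port3"',
]

if __name__ == "__main__":
    for product, ver in [("FortiOS", "v7.0.16,build0667"), ("FortiProxy", "7.2.13")]:
        print(product, ver, "AFFECTED" if is_affected(product, ver) else "not affected")
    for finding in triage_admin_changes(SAMPLE_LOGS):
        print(finding)
```

The version check deliberately raises on input it cannot parse; a silent "not affected" on a malformed string is the failure mode you least want in a fleet-wide sweep. The triage pass only looks at the object path and action, so it will also surface legitimate admin work; the `user`, `ui` and `srcip` fields in each finding are what you compare against your change records to decide whether a hit is real.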