Fortinet Warns of Actively Exploited Zero-Day in FortiGate Firewalls
Fortinet has disclosed a critical zero-day vulnerability, CVE-2024-55591, in some of its FortiGate firewalls. Disclosed on January 14, 2025, the vulnerability is being actively exploited in the wild and has a CVSS score of 9.6, indicating severe impact.
Arctic Wolf observed a massive exploitation campaign affecting FortiGate devices since December 2024. The campaign involved threat actors altering firewall configurations and extracting credentials using DCSync. Fortinet confirmed this active exploitation.
The vulnerability allows an authentication bypass and affects FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. To mitigate, users should upgrade their software and apply a workaround involving local-in policies and address groups. Fortinet also recommends limiting the IP addresses that can reach the administrative interface.
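To act on the version ranges above, the following added example (not from Fortinet or the original article) triages a device inventory against exactly those ranges. The `host,product,version` inventory layout and the sample rows are assumptions constructed for illustration; "not-in-range" means only that the version falls outside the ranges this article lists.

```python
import re

# Affected ranges exactly as the article states them (inclusive bounds).
AFFECTED = {
    "fortios": [((7, 0, 0), (7, 0, 16))],
    "fortiproxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not in x.y.z form."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(product, version):
    """True/False for a listed product; None when the input cannot be judged."""
    ranges = AFFECTED.get(product.strip().lower())
    parsed = parse_version(version)
    if ranges is None or parsed is None:
        return None
    # Integer tuples compare numerically: 7.0.9 < 7.0.16 (string compare fails here).
    return any(low <= parsed <= high for low, high in ranges)

def triage(inventory_text):
    """Map each hostname to 'affected', 'not-in-range' or 'unknown'."""
    labels = {True: "affected", False: "not-in-range", None: "unknown"}
    result = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            if fields[0]:
                result[fields[0]] = "unknown"  # malformed row: review manually
            continue
        host, product, version = fields
        result[host] = labels[is_affected(product, version)]
    return result

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = """\
fw-edge-01,FortiOS,7.0.14
fw-edge-02,FortiOS,v7.0.17
fw-branch-03,FortiOS,7.2.5
proxy-01,FortiProxy,7.2.12
proxy-02,FortiProxy,7.2.13
fw-lab-04,FortiOS,7.0.x
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Rows reported as "unknown" (unparseable version, unlisted product, malformed line) should be checked by hand rather than treated as safe.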
Fortinet's disclosure of CVE-2024-55591 highlights the urgent need for users to upgrade their FortiOS and FortiProxy software and apply the recommended workarounds. By doing so, they can protect their systems from active exploitation and potential data breaches.