Remote Attackers Exploit Fortinet Firewall Bug To Breach Company Networks

NEW DELHI - Jan. 17, 2025 - PRLog -- A critical zero-day vulnerability in Fortinet's FortiGate firewall systems is being exploited by malicious actors, as confirmed by the company. The vulnerability allows threat actors to gain unauthorized administrative access, manipulate system configurations, and access sensitive credentials.

Identified as CVE-2024-55591, the security flaw is an authentication bypass issue that affects FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12. It allows remote attackers to gain super-admin privileges through requests sent to the Node.js WebSocket module. Fortinet has released security patches for all impacted versions.

Researchers at cybersecurity firm Arctic Wolf believe that since November 2024, the attackers have been targeting firewall devices with management interfaces exposed to the public internet. The observed attack pattern includes unauthorized admin login, creation of new accounts, SSL VPN authentication through those accounts, and several other configuration changes. The attackers also employed DCSync to extract credentials in compromised environments.

In a statement issued on Tuesday, Fortinet mentioned it has been actively engaging with customers, providing advance guidance and solutions to mitigate the risk. The company has urged users to upgrade to the latest firmware versions as a security measure. They also recommend that administrators disable public access to management interfaces and limit access to trusted IP addresses only.

"There are instances where confidential advance customer communications can include early guidance regarding an advisory to enable customers to further strengthen their security posture in advance of a scheduled public advisory," the company added.

This incident highlights a concerning trend where threat actors increasingly target network security infrastructure, particularly firewalls and VPN systems, recognizing their critical role as entry points to corporate IT environments.

As an expert in the technology hardware space, Uvation has been monitoring the situation closely. We recommend that Fortinet users adhere to the practice of timely updating the firmware on their firewall devices to patch any security flaws. Additionally, they should configure syslog monitoring on all devices to improve the odds of detecting any suspicious activity early.

For more information, visit our website at https://www.uvation.com/.