Immediate Action is Critical
A critical authentication bypass vulnerability affecting Fortinet’s FortiOS and FortiProxy systems known as CVE-2024-55591 has been detected. This zero-day exploit has been actively leveraged by attackers to compromise firewalls, gain super-admin privileges, and infiltrate internal networks. A zero-day exploit means that at the time of the patch, the attack is already underway, and there are systems that have been compromised.
CVE-2024-55591 is an authentication bypass flaw allowing attackers to exploit the Node.js websocket module by sending crafted requests. This vulnerability, with a severity score of 9.8, impacts FortiOS versions 7.0.0 to 7.0.16 (on Fortigates) and FortiProxy versions 7.0.0 to 7.0.19 and 7.2.0 to 7.2.12. Fortinet reports active exploitation of this vulnerability since November 2024, underscoring its critical nature. Fortigates running 7.2.x, 7.4.x, and 7.6.x are not affected.
Attackers have been observed creating unauthorized admin accounts, modifying firewall policies, and establishing SSL VPN tunnels to access internal networks. In response, Fortinet has issued patches to address the flaw, urging administrators to update to FortiOS version 7.0.17 or later and FortiProxy versions 7.0.20 or 7.2.13 and above.
At 256 Solutions, we understand the urgency of addressing such critical vulnerabilities. Within hours of Fortinet's advisory, we pushed all relevant updates to the firewalls we manage for our customers. This rapid response ensures our clients remain protected from potential exploitation.
If your business isn’t responding to vulnerabilities like this immediately, your network is at an extreme risk of compromise. Attackers actively seek out unpatched systems, and delays in applying updates can lead to devastating breaches. That’s why 256 Solutions is here to help—we can take over the responsibility of managing your firewalls, ensuring updates are applied promptly, and safeguarding your business against emerging threats.
Steps to Protect Your Network
If your organization uses Fortinet devices, here’s what you need to do now:
Update Your Systems: Upgrade to the latest patched versions of FortiOS and FortiProxy as outlined in Fortinet’s advisory. The firmware version for this fix in the 7.0.x branch is 7.0.17. 7.2.x 7.4.x and 7.6.x was not affected.
Restrict Management Interface Access:Â Limit access to administrative interfaces by disabling HTTP/HTTPS access or implementing local-in policies.
Monitor for Suspicious Activity:Â Check for unauthorized configuration changes, especially newly created admin accounts or altered firewall policies.
Audit VPN Accounts:Â Review SSL VPN user groups for unauthorized additions or activity.
If these steps sound overwhelming, you don’t have to face them alone. At 256 Solutions, we handle these critical updates and proactively manage your network’s security to ensure you are always protected.
Why This Matters for Canadian Businesses
For businesses in Hamilton and across Canada, this vulnerability is a stark reminder of the critical need for proactive cybersecurity measures. The Canadian Centre for Cyber Security has added this exploit to its list of high-priority vulnerabilities, emphasizing the threat it poses to public and private organizations alike.
At 256 Solutions, we don’t just supply Fortinet hardware—we provide comprehensive support to keep your systems secure. From pushing critical updates to conducting regular audits and implementing robust policies, we ensure your business stays ahead of the threats.
Don’t Wait—Act Now
This vulnerability highlights the importance of acting fast in today’s digital landscape. If your firewalls haven’t been updated yet or you lack the resources to manage these updates, reach out to us at 256 Solutions. We’ll take on the responsibility of protecting your business, so you can focus on what matters most.
Comments