A significant cybersecurity threat has emerged as hackers on a prominent Russian dark web forum claim to be selling an active exploit targeting Fortinet devices.

The exploit reportedly leverages a critical vulnerability, CVE-2024-55591, which affects FortiOS versions 7.0.0 through 7.0.16. 

This vulnerability, categorized as “Authentication Bypass Using an Alternate Path or Channel,” enables remote attackers to bypass authentication and gain super-admin access to affected systems.

Alleged Exploit on Dark Web

The exploit is described as a multi-threaded custom tool capable of scanning IP:Port combinations to identify vulnerable Fortinet instances. 

Once exploited, it can retrieve sensitive information such as firmware versions, VPN ports, and user credentials, including decrypted passwords. This poses a severe risk to organizations relying on Fortinet’s security appliances for critical infrastructure protection.

The vulnerability stems from improper handling of specially crafted requests sent to the Node.js WebSocket module within FortiOS. By exploiting this flaw, attackers can bypass authentication mechanisms and execute arbitrary commands with elevated privileges.

Fortinet has acknowledged the vulnerability and released patches for affected versions. A security update addressing CVE-2024-55591 was issued on January 14, 2025, as part of the company’s ongoing efforts to enhance product security. 

Users are strongly advised to upgrade to patched versions of FortiOS—7.0.17 or later in the 7.0.x branch and 7.2.x for those using newer releases.

In addition to applying patches, organizations should consider implementing the following measures:

• Disable public access to management interfaces.
• Enforce strong password policies and multi-factor authentication (MFA).
• Regularly monitor network traffic for indicators of compromise (IoCs) associated with this exploit.
• Conduct vulnerability scans and penetration testing to identify and remediate weaknesses.

The sale of an active exploit for CVE-2024-55591 underscores the growing sophistication of cybercriminals targeting enterprise-grade security solutions. 

Organizations using Fortinet devices must act swiftly to patch their systems and implement robust security practices to mitigate risks associated with this critical vulnerability.