Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025012110011313 | Publication Time | 2025/01/21 10:02 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/01/20 10:02 |
Impact Level | Medium |
[Subject] 【Vulnerability Alert】Security Vulnerability Identified in Fortinet FortiOS and FortiProxy (CVE-2024-55591) – Immediate Patch Recommended

[Content]
Forwarded from the National Institute of Cyber Security: NISAC-200-202501-00000050

Researchers have identified an Authentication Bypass vulnerability (CVE-2024-55591) in Fortinet FortiOS and FortiProxy. This vulnerability allows unauthenticated remote attackers to gain super-admin privileges by sending crafted packets. Evidence shows that this vulnerability has been exploited by attackers. Prompt action is recommended to mitigate potential risks.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
● FortiOS versions 7.0.0 through 7.0.16
● FortiProxy versions 7.0.0 through 7.0.19
● FortiProxy versions 7.2.0 through 7.2.12

[Recommended Actions]
Fortinet has released patches to address this vulnerability. Please refer to the official advisory for details: https://fortiguard.fortinet.com/psirt/FG-IR-24-535

[Reference]
1. https://nvd.nist.gov/vuln/detail/CVE-2024-55591
2. https://fortiguard.fortinet.com/psirt/FG-IR-24-535
3. https://www.ithome.com.tw/news/166969
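
Added example (not part of the original alert or any Fortinet tooling): a small inventory triage that flags devices whose version falls inside the affected ranges listed under [Affected Platform]. The `hostname,product,version` input format, the host names and the function names are assumptions made for illustration.

```python
import re

# Affected ranges copied from this alert (inclusive bounds).
# The vendor advisory remains the authoritative list.
AFFECTED = {
    "fortios": [((7, 0, 0), (7, 0, 16))],
    "fortiproxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$", re.IGNORECASE)

def parse_version(text):
    # Accept "7.0.16" or "v7.0.16"; anything else is unparseable.
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version):
    """Return 'affected', 'not-listed' or 'unknown' for one device."""
    ranges = AFFECTED.get(product.strip().lower())
    parsed = parse_version(version)
    if ranges is None or parsed is None:
        # Never report an unrecognised product or version as safe.
        return "unknown"
    if any(low <= parsed <= high for low, high in ranges):
        return "affected"
    return "not-listed"

def triage(inventory_text):
    """Classify each 'hostname,product,version' line (assumed format)."""
    results = []
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            results.append((line, "unknown"))
            continue
        host, product, version = fields
        results.append((host, classify(product, version)))
    return results

# Constructed sample inventory, including range boundaries and a bad entry.
SAMPLE_INVENTORY = """\
fw-edge-01,FortiOS,7.0.16
fw-edge-02,FortiOS,v7.0.17
proxy-01,FortiProxy,7.2.12
proxy-02,FortiProxy,7.2.13
fw-lab-01,FortiOS,7.0
"""
if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

A result of `not-listed` only means the version is outside the ranges in this alert; `unknown` entries need manual review against the vendor advisory.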