Fortinet has disclosed an actively exploited zero-day vulnerability (CVE-2024-55591) in FortiOS and FortiProxy that allows attackers to gain super-admin privileges by sending malicious requests to the Node.js websocket module. Exploited systems have shown unauthorized admin account creation, firewall policy changes, and unauthorized SSL VPN access. Fortinet advises disabling HTTP/HTTPS administrative interfaces or restricting access to trusted IPs while applying available patches. Attacks targeting public-facing FortiGate firewalls have been ongoing since mid-November, highlighting the urgency for administrators to review logs for indicators of compromise and secure their systems.

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-auth-bypass-zero-day-exploited-to-hijack-firewalls/
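
The log review recommended above can be sketched as a small triage script. This is an added example, not Fortinet's or the article's code: it assumes FortiOS-style `key=value` event lines with the fields `ui`, `action`, `cfgpath` and `cfgobj`, and the sample lines, addresses, account names and watched paths are constructed for illustration.

```python
import ipaddress
import re

# Assumption: key=value event lines; quoted values may contain spaces.
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')
UI_IP = re.compile(r'\(([0-9a-fA-F.:]+)\)')  # e.g. ui="GUI(192.0.2.10)"

# Assumed config paths for the behaviours named in the summary.
WATCHED = {
    "system.admin": "admin account change",
    "firewall.policy": "firewall policy change",
    "vpn.ssl.settings": "SSL VPN settings change",
    "user.local": "local user change",
}

# Constructed sample lines (documentation address ranges, made-up names).
SAMPLE = [
    'date=2025-01-01 user="admin" ui="GUI(192.0.2.10)" action="Edit" cfgpath="firewall.policy" cfgobj="12"',
    'date=2025-01-01 user="admin" ui="GUI(203.0.113.77)" action="Add" cfgpath="system.admin" cfgobj="svc-backup"',
    'date=2025-01-01 user="svc-backup" ui="GUI(203.0.113.77)" action="Edit" cfgpath="firewall.policy" cfgobj="3"',
    'date=2025-01-01 user="admin" ui="ssh(192.0.2.10)" action="Edit" cfgpath="system.dns" cfgobj=""',
]

def parse_line(line):
    """Return the line's fields as a dict, with surrounding quotes stripped."""
    return {m.group(1): m.group(2) if m.group(3) is None else m.group(3)
            for m in KV.finditer(line)}

def source_ip(ui):
    """Extract the address in parentheses from the ui field, or None."""
    m = UI_IP.search(ui)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def review(lines, known_admins, trusted_nets):
    """Flag watched config changes from untrusted sources and unknown new admins."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for f in map(parse_line, lines):
        label = WATCHED.get(f.get("cfgpath", ""))
        if label is None:
            continue
        src, reasons = source_ip(f.get("ui", "")), []
        if src is None or not any(src in n for n in nets):
            reasons.append("untrusted source")
        if (f["cfgpath"], f.get("action")) == ("system.admin", "Add") and f.get("cfgobj") not in known_admins:
            reasons.append("unknown admin created")
        if reasons:
            findings.append((label, f.get("cfgobj"), reasons))
    return findings
```

Call `review(SAMPLE, {"admin"}, ["192.0.2.0/24"])` with your own admin allowlist and management networks; field names and config paths should be checked against the logs your devices actually emit.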