目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-55591 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
使用候选路径或通道进行的认证绕过
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Fortinet FortiOS和FortiProxy 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Fortinet FortiOS和Fortinet FortiProxy都是美国飞塔(Fortinet)公司的产品。Fortinet FortiOS是一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。Fortinet FortiProxy是一种安全的网络代理,通过结合多种检测技术,如Web过滤、DNS过滤、DLP、反病毒、入侵防御和高级威胁保护,可以保护员工免受网络攻击。FortiProxy有助于减
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
FortinetFortiOS 7.0.0 ~ 7.0.16 cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
FortinetFortiProxy 7.2.0 ~ 7.2.12 -
二、漏洞 CVE-2024-55591 的公开POC
#POC 描述源链接神龙链接
1Nonehttps://github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591POC详情
2Checks for authentication bypass vulnerability inFortinet's FortiOS, potentially exploited by remote attackers.https://github.com/souzatyler/fortios-auth-bypass-check-CVE-2024-55591POC详情
3Nonehttps://github.com/sysirq/fortios-auth-bypass-poc-CVE-2024-55591POC详情
4Nonehttps://github.com/sysirq/fortios-auth-bypass-exploit-CVE-2024-55591POC详情
5Private CVE-2024-55591https://github.com/amfg145/Private-CVE-2024-55591.POC详情
6CVE-2024-55591 Opening CMD (Command Line Interface), Creating a Superuser, and Managing VPN Groupshttps://github.com/robomusk52/exp-cmd-add-admin-vpn-CVE-2024-55591POC详情
7Nonehttps://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591POC详情
8An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.https://github.com/virus-or-not/CVE-2024-55591POC详情
9A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices.https://github.com/exfil0/CVE-2024-55591-POCPOC详情
10#PoC for CVE-2024-55591 Authentication bypass Affects: FortiOS 7.0.0 to 7.0.16 , FortiProxy 7.0.0 to 7.0.19 ,FortiProxy 7.2.0 to 7.2.12https://github.com/rawtips/CVE-2024-55591POC详情
11Nonehttps://github.com/0x7556/CVE-2024-55591POC详情
12Nonehttps://github.com/binarywarm/exp-cmd-add-admin-vpn-CVE-2024-55591POC详情
13Fortinet FortiOS is vulnerable to an information disclosure via service-worker.js that could allow an attacker to access sensitive information.This vulnerability affects FortiOS and could potentially lead to unauthorized access to the system. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-55591.yamlPOC详情
14Nonehttps://github.com/UMChacker/CVE-2024-55591-POCPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2024-55591 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: FortiOS
Same vendor: Fortinet
Same weakness: CWE-288
V. Comments for CVE-2024-55591

暂无评论

发表评论