CVE-2024-55591 PoC — Fortinet FortiOS和FortiProxy 安全漏洞

Source

https://github.com/0x7556/CVE-2024-55591

Associated Vulnerability

Title:Fortinet FortiOS和FortiProxy 安全漏洞 (CVE-2024-55591)
Description:Fortinet FortiOS和Fortinet FortiProxy都是美国飞塔（Fortinet）公司的产品。Fortinet FortiOS是一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。Fortinet FortiProxy是一种安全的网络代理，通过结合多种检测技术，如Web过滤、DNS过滤、DLP、反病毒、入侵防御和高级威胁保护，可以保护员工免受网络攻击。FortiProxy有助于减

Readme

# FortiGate CVE-2024-55591

### 1Scan最新版

https://github.com/0x7556/1Scan

#### 影响版本

    FortiOS 7.0.0 through 7.0.16
    FortiProxy 7.0.0 through 7.0.19
    FortiProxy 7.2.0 through 7.2.12

#### POC单个检测

```Bash
./poc 10.10.1.1
./poc http://10.10.1.1
```

#### 1Scan 批量

```Bash
./1scan 10.10.1.1
./1scan 10.10.1.1/24
./1scan 10.10.1.1/c
./1scan 10.10.1.1/b
./1scan http://10.10.1.1
./1scan ip.txt
./1scan ipc.txt
./1scan ipb.txt
./1scan url.txt
```

单个URL或IP
![image](https://github.com/0x7556/1Scan/blob/main/CVE-2024-55591.png)

批量检测 url.txt
![image](https://github.com/0x7556/1Scan/blob/main/CVE-2024-55591-more.png)

PS：工具只显示成功结果，不显示过程，为了方便在手机或平板下一键渗透

### Link
https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591

File Snapshot


 [4.0K]  /data/pocs/445cf396fbe31267a92b4abdd38782f0f283e8a2
├── [ 79K]  CVE-2024-55591.png
└── [ 845]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!