
CVE-2024-55591 PoC — Fortinet FortiOS and FortiProxy Security Vulnerability

Associated Vulnerability
Title: Fortinet FortiOS and FortiProxy Security Vulnerability (CVE-2024-55591)
Description: Fortinet FortiOS and Fortinet FortiProxy are both products of the US company Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform; it provides firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security functions. Fortinet FortiProxy is a secure web proxy that protects employees from network attacks by combining multiple detection technologies such as web filtering, DNS filtering, DLP, antivirus, intrusion prevention and advanced threat protection. FortiProxy helps reduce
Readme
# CVE-2024-55591
A detection script for vulnerable behaviour associated with the Fortinet FortiOS authentication bypass (CVE-2024-55591)

# Detection in Action


```
python CVE-2024-55591-check.py --target 192.168.1.10 --port 443
             __         ___  ___________                   
     __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________ 
     \ \/ \/ \__  \    ___/ ___\|  |  \\|    | /  _ \ \/ \/ \_  __ \
      \     / / __ \|  | \  \\___|   Y  |    |(  <_> \     / |  | \
       \/\_/ (____  |__|  \\\\___  |___|__|__  | \\__  / \\/\_/  |__|   
                  \\          \\     \\                              

        CVE-2024-55591.py
        (*) Fortinet FortiOS Authentication Bypass (CVE-2024-55591) vulnerable detection by watchTowr
        
          - Sonny , watchTowr (sonny@watchTowr.com)
          - Aliz Hammond, watchTowr (aliz@watchTowr.com)

        CVEs: [CVE-2024-55591]

[*] Targeting: https://192.168.1.10:443
[!] VULNERABLE: All conditions were met

```

# Description

This script attempts to open a WebSocket connection to a random URI on the FortiOS management interface from a pre-authenticated (unauthenticated) perspective, then inspects the response to determine whether the instance exhibits the vulnerable behaviour.

# Affected Versions

* FortiOS 7.0.0 through 7.0.16
* FortiProxy 7.0.0 through 7.0.19
* FortiProxy 7.2.0 through 7.2.12

More details are in the [Fortinet advisory](https://www.fortiguard.com/psirt/FG-IR-24-535).

# Note

This detection mechanism does not support FortiProxy, even though FortiProxy versions are listed as affected above.

# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research, follow the [watchTowr](https://watchTowr.com) Labs team:

- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
File Snapshot

```
[4.0K] /data/pocs/9b93d896345403d7b6be9320ebd9cb42afa3aaa8
├── [5.0K] CVE-2024-55591-check.py
└── [1.6K] README.md

0 directories, 2 files
```