CVE-2024-55591 PoC — Fortinet FortiOS和FortiProxy 安全漏洞

Source

https://github.com/robomusk52/exp-cmd-add-admin-vpn-CVE-2024-55591

Associated Vulnerability

Title:Fortinet FortiOS和FortiProxy 安全漏洞 (CVE-2024-55591)
Description:Fortinet FortiOS和Fortinet FortiProxy都是美国飞塔（Fortinet）公司的产品。Fortinet FortiOS是一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。Fortinet FortiProxy是一种安全的网络代理，通过结合多种检测技术，如Web过滤、DNS过滤、DLP、反病毒、入侵防御和高级威胁保护，可以保护员工免受网络攻击。FortiProxy有助于减

Description

CVE-2024-55591 Opening CMD (Command Line Interface), Creating a Superuser, and Managing VPN Groups

Readme

# CVE-2024-55591
### If you're reading this, you most likely know what we're talking about.
[DOWNLOAD](https://satoshidisk.com/pay/CNVBUk)
# Vulnerability Scanner
## Description
This script attempts to create a WebSocket connection at a random URI from a pre-authenticated perspective to the FortiOS management interface, and reviews the response to determine if the instance is VULNERABLE.
### Checks the file with ip addresses for vulnerability
## USEAGE
Checks your text document with ip addresses for vulnerabilities
```python check.py --file ips.txt --port 443```

# poc.py
## Description
Use this poc, you can bypass authentication and see system log.
## USAGE

```python3 poc.py [-h] --target TARGET [--port PORT]```
# ADMIN CREATION
## Description
Use this exp, you can Сreates administrator, adding an administrator to a VPN group.
## USEAGE
Set the required IP Address in the code before startup.

![image](https://github.com/user-attachments/assets/896d0c6a-67d2-4234-bf47-5bcc91f8d7f4)

```python3 adadmin.py```

![image](https://github.com/user-attachments/assets/a1978c49-3b08-4be9-aabd-2140b3d19c22)


# CMD
## Description
Use this exp, you can bypass authentication and run cmd.
## USEAGE
```exp.py [-h] --target TARGET [--port PORT] [--username USERNAME] [--cmd CMD]```

## Affected Versions

-FortiOS 7.0.0 through 7.0.16
-FortiProxy 7.0.0 through 7.0.19
-FortiProxy 7.2.0 through 7.2.12
[More details](https://www.fortiguard.com/psirt/FG-IR-24-535)

[DOWNLOAD](https://satoshidisk.com/pay/CNVBUk)

File Snapshot


 [4.0K]  /data/pocs/a2f5ff10c5cd8a24f9e52e8ed8b7acbe14adf8b0
├── [5.5K]  check.py
├── [7.9K]  poc.py
└── [1.5K]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!