VYPR
Unrated severityCISA KEVNVD Advisory· Published Jan 14, 2025· Updated Feb 26, 2026

CVE-2024-55591

CVE-2024-55591

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Fortinet/Fortiosv52 versions
    cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*range: 7.0.0
    • (no CPE)range: >=7.0.0, <=7.0.16
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    >=7.0.0, <=7.0.19; >=7.2.0, <=7.2.12+ 1 more
    • (no CPE)range: >=7.0.0, <=7.0.19; >=7.2.0, <=7.2.12
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

6