11 matches found
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits fe...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
CVE-2024-55591: FortiOS Authentication Bypass If you’re r...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
Proof of Concept for CVE-2024-55591 Exploit This script is a...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
CVE-2024-55591 A Fortinet FortiOS Authentication Bypass Proof...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
CVE-2024-55591 PoC This repository contains an PoC Proof of...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
CVE-2024-55591 A Fortinet FortiOS Authentication Bypass Vulner...
CVE-2024-55591
creationtimestamp| type| source ---|---|--- 2025-01-14 14:26:33+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113827171069136576 2025-01-14 14:48:33+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113827257320064030 2025-01-14 15:13:34+00:00| seen|...
CVE-2024-55591
CVE-2024-55591 is a critical authentication bypass affecting FortiOS and FortiProxy. Public PoCs describe remote exploitation via WebSocket/Telnet management interfaces to gain super-admin privileges without valid credentials. Affected versions include FortiOS 7.0.0–7.0.16 and FortiProxy 7.0.0–7....
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...
Fortinet Fortigate Authentication bypass in Node.js websocket module and CSF requests (FG-IR-24-535)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-535 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through...