CVE-2024-55591 is an authentication bypass vulnerability classified under CWE-288, affecting Fortinet's FortiOS and FortiProxy products. The flaw exists in the Node.js websocket module implementation within these products, allowing an unauthenticated remote attacker to send specially crafted requests that bypass normal authentication mechanisms. This bypass grants the attacker super-admin privileges, effectively allowing them to execute arbitrary code or commands on the affected device. The vulnerability impacts FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. Given the critical nature of Fortinet devices in enterprise and service provider networks, exploitation could lead to full device compromise, enabling attackers to manipulate firewall rules, intercept or redirect traffic, deploy malware, or disrupt network availability. The vulnerability has a CVSS v3.1 base score of 9.6, reflecting its high exploitability (network vector, no privileges or user interaction required) and severe impact on confidentiality, integrity, and availability. Although no exploits have been reported in the wild yet, the vulnerability's public disclosure and critical severity necessitate urgent attention. Fortinet has not yet published patches or mitigation details at the time of this report, increasing the urgency for organizations to implement interim protective controls.

For European organizations, the impact of CVE-2024-55591 is significant due to the widespread use of Fortinet FortiOS and FortiProxy in enterprise, government, and critical infrastructure networks. Successful exploitation can lead to complete takeover of network security appliances, allowing attackers to bypass firewall protections, exfiltrate sensitive data, disrupt services, or establish persistent footholds. This threatens the confidentiality of personal and corporate data, the integrity of network configurations, and the availability of critical network services. Sectors such as finance, healthcare, energy, and telecommunications are particularly vulnerable due to their reliance on Fortinet products for perimeter defense and secure remote access. The ability to gain super-admin privileges remotely without authentication makes this vulnerability attractive for advanced persistent threat (APT) groups and cybercriminals targeting European entities. The lack of known exploits in the wild currently provides a window for proactive defense, but the risk of rapid weaponization is high given the criticality and ease of exploitation.

1. Immediately inventory all Fortinet FortiOS and FortiProxy devices to identify affected versions (7.0.0 through 7.0.16 for FortiOS and 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 for FortiProxy). 2. Apply vendor patches as soon as they become available; monitor Fortinet advisories closely. 3. Restrict access to management interfaces, especially websocket endpoints, to trusted internal networks only; block access from untrusted or public networks. 4. Implement network segmentation to isolate Fortinet devices from general user networks and limit lateral movement. 5. Deploy strict firewall rules and intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious websocket traffic patterns. 6. Enable and review detailed logging on Fortinet devices to detect anomalous authentication attempts or privilege escalations. 7. Conduct regular security audits and penetration tests focusing on Fortinet device configurations and access controls. 8. Educate network administrators on this vulnerability and enforce the principle of least privilege for administrative access. 9. Consider temporary compensating controls such as disabling websocket modules if feasible without disrupting operations. 10. Prepare incident response plans to quickly contain and remediate potential compromises involving Fortinet devices.