{"id":3265,"date":"2025-01-21T10:26:39","date_gmt":"2025-01-21T10:26:39","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=3265"},"modified":"2025-01-21T10:26:40","modified_gmt":"2025-01-21T10:26:40","slug":"critical-zero-day-vulnerability-exploited-in-fortinet-devices","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/","title":{"rendered":"Critical Zero-Day Vulnerability Exploited in Fortinet Devices"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">A zero-day vulnerability has been identified and actively exploited in Fortinet\u00b4s security appliances that would let the threat actors compromise firewalls and infiltrate enterprise networks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The vulnerability, tracked as CVE-2024-55591, affects multiple versions of FortiOS and FortiProxy and allows attackers to bypass authentication and gain super-admin privileges.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This in-depth analysis looks at the details of this threat, why it matters, and what organizations can do to protect their systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-vulnerability-cve-2024-55591\">The Vulnerability: CVE-2024-55591<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The CVE-2024-55591 authentication bypass vulnerability affects the following versions of the software:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>FortiOS:<\/strong> Versions 7.0.0 to 7.0.16.<\/li>\n\n\n\n<li><strong>FortiProxy:<\/strong> Versions 7.0.0 to 7.0.19 and 7.2.0 to 7.2.12.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The flaw is an authentication bypass in Node.js WebSocket enabling remote attackers to send specially crafted requests, thereby granting super-admin privileges.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">By exploiting this vulnerability, attackers could penetrate an organization&#8217;s network and change configurations to steal sensitive data subsequently.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-active-exploitation-campaigns\">Active Exploitation Campaigns<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-observed-activities\"><a><\/a>Observed Activities<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In mid-November, threat actors reportedly started to leverage CVE-2024-55591 for the compromise of Fortinet firewalls since 2024.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers create an admin account with a random name and add it to one of the existing or new SSL VPN user groups, thus enabling secure tunnels into internal networks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The firewall configurations have also been manipulated to enable lateral movement into the compromised environment and maintain persistence.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">They used tools, including DCSync, to dump credentials from these systems, increasing the magnitude of these attacks accordingly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-campaign-timeline\"><a><\/a>Campaign Timeline<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The attack campaign has gone through four distinct phases so far: vulnerability scanning (November 16\u201323, 2024), reconnaissance (November 22\u201327, 2024), the configuration of SSL VPNs (December 4\u20137, 2024), and lateral movement (December 16\u201327, 2024).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These phases of the campaign continue, meaning other malicious activities may surface. This approach is, in fact, systematic, starting from identifying vulnerable devices, then collecting intelligence, exploiting the vulnerability, and finally expanding access across networks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/certera.com\/blog\/check-point-alerts-users-to-zero-day-attacks-on-their-vpn-gateway-products\/\">Check Point Alerts Users to Zero-Day Attacks on Their VPN Gateway Products<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-indicators-of-compromise-iocs\">Indicators of Compromise (IOCs)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Fortinet and Arctic Wolf have shared significant compromise indicators to help organizations detect potential exploitation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Logs that characterize malicious admin logins via the jsconsole interface or create randomly named admin users are crucial in marking compromise.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For instance, one log entry shows an unauthorized admin login through the jsconsole interface with a success message.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another log indicates the creation of rogue admin accounts with random usernames. That being said, attackers usually develop specific IP addresses\u2014like 1.1.1.1, 127.0.0.1, and 8.8.8.8\u2014during their campaigns, which can act as red flags for detection purposes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-fortinet-s-response\">Fortinet\u2019s Response<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-mitigation-guidance\"><a><\/a>Mitigation Guidance<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">To mitigate CVE-2024-55591, Fortinet proposed vital recommendations to the administrators to disable HTTP\/HTTPS administrative interfaces or restrict access to specific IP addresses via local-in policies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The study also noted the necessity of applying the latest security patches to address that vulnerability and protect devices from exploitation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations should also establish syslog monitoring functions for anomaly detection to provide an early warning of malicious actions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-related-vulnerabilities\"><a><\/a>Related Vulnerabilities<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Fortinet has dealt with other significant vulnerabilities, like CVE-2023-37936, which has an undefined criticality cutoff for this particular hard-coded cryptographic key flaw, which allowed unauthorized code execution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Other exploits underscore the same pointer, such as the somewhat relatively unobtrusive FortiJump vulnerability (CVE-2024-47575) and an unprotected FortiClient VPN flaw allegedly being exploited by Chinese hackers, thereby prescribing the urgency of pre-emptive management of such later disclosures and the adoption of adequate security measures.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-implications-for-organizations\">Implications for Organizations<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The exploitation of CVE-2024-55591 represents the growing risk the vulnerabilities in network security appliances could pose. Devices such as Fortinet firewalls make attractive targets for attackers because they perform foundational work in enterprise security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once these devices are compromised, information at rest becomes vulnerable, and critical infrastructure will be at the mercy of attackers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/certera.com\/blog\/check-point-alerts-users-to-zero-day-attacks-on-their-vpn-gateway-products\/\">Check Point Alerts Users to Zero-Day Attacks on Their VPN Gateway Products<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This stewardship shows that this operation of exploitative actions is going after devices having management interfaces exposed to the Internet, thereby increasing their target surface and putting them at risk of attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attributing to those attacks takes excellent effort from the adversary because the differences in the tradecraft and infrastructure show several threat actors might get involved.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This complexity reinforces why such organizations must build an active, multi-layered defense comprising continuous monitoring, threat intelligence, and response capability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-recommendations-for-organizations\">Recommendations for Organizations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-patch-immediately\">Patch Immediately<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations must take care to ensure security patches are applied to Fortinet devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If the firmware is not updated, the system will be unprotected against exploitation, as most attackers intentionally target unpatched systems since they have IOCs and known vulnerabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-limit-exposure\">Limit Exposure<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Limiting access to management interfaces to trusted internal networks will help reduce the attack surface. The admin must be able to disable any public management interface where possible and enforce stringent access control policies to restrict unauthorized access.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-enhance-monitoring\">Enhance Monitoring<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">By proactively monitoring system logs for unusual activities, such as unauthorized jsconsole logins and creation of rogue admin accounts, one can catch a potential intruder early.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The organization should use threat intelligence to correlate its observed behaviors with known attack patterns and respond quickly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-improve-incident-response\">Improve Incident Response<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations should establish and test their incident response plans from time to time to be prepared for <a href=\"https:\/\/certera.com\/blog\/what-are-zero-day-exploits-attacks-and-vulnerabilities\/\">zero-day exploits<\/a>. Tabletop exercises simulating different possible attack scenarios would help teams spot defense gaps and enhance their response capabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-educate-teams\">Educate Teams<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">One of the most crucial aspects of securing network devices is training the IT staff to recognize signs of compromise and understand best practices for securing network devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Ultimately, with knowledge of emerging threats and proactive security measures, the ability to better withstand sophisticated attacks can be significantly enhanced.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\"><a><\/a>Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">With cyber threats becoming increasingly sophisticated, securing your infrastructure using robust Public Key Infrastructure (PKI) solutions is essential. Certera offers <a href=\"https:\/\/certera.com\/solutions\/pki-solutions\">cutting-edge PKI Solutions<\/a> and SiteLock Services designed to fortify your organization against vulnerabilities.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A zero-day vulnerability has been identified and actively exploited in Fortinet\u00b4s security appliances that would let the threat actors compromise firewalls and infiltrate enterprise networks. The vulnerability, tracked as CVE-2024-55591, affects multiple versions of FortiOS and FortiProxy and allows attackers to bypass authentication and gain super-admin privileges. This in-depth analysis looks at the details of<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":3267,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31,32],"tags":[],"class_list":["post-3265","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attack","category-vulnerability","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fortinet Firewalls Hit with New Zero-Day Attack: CVE-2024-55591<\/title>\n<meta name=\"description\" content=\"Fortinet has confirmed a new critical zero-day vulnerability, CVE-2024-55591 affecting some of its firewalls and devices.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fortinet Firewalls Hit with New Zero-Day Attack: CVE-2024-55591\" \/>\n<meta property=\"og:description\" content=\"Fortinet has confirmed a new critical zero-day vulnerability, CVE-2024-55591 affecting some of its firewalls and devices.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-21T10:26:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-21T10:26:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/01\/CVE-2024-55591-fortinet.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"Critical Zero-Day Vulnerability Exploited in Fortinet Devices\",\"datePublished\":\"2025-01-21T10:26:39+00:00\",\"dateModified\":\"2025-01-21T10:26:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/\"},\"wordCount\":954,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/CVE-2024-55591-fortinet.webp\",\"articleSection\":[\"Cyber Attack\",\"Vulnerability\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/\",\"name\":\"Fortinet Firewalls Hit with New Zero-Day Attack: CVE-2024-55591\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/CVE-2024-55591-fortinet.webp\",\"datePublished\":\"2025-01-21T10:26:39+00:00\",\"dateModified\":\"2025-01-21T10:26:40+00:00\",\"description\":\"Fortinet has confirmed a new critical zero-day vulnerability, CVE-2024-55591 affecting some of its firewalls and devices.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/CVE-2024-55591-fortinet.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/CVE-2024-55591-fortinet.webp\",\"width\":960,\"height\":620,\"caption\":\"Zero-day Exploitation of CVE-2024-55591\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Zero-Day Vulnerability Exploited in Fortinet Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fortinet Firewalls Hit with New Zero-Day Attack: CVE-2024-55591","description":"Fortinet has confirmed a new critical zero-day vulnerability, CVE-2024-55591 affecting some of its firewalls and devices.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/","og_locale":"en_US","og_type":"article","og_title":"Fortinet Firewalls Hit with New Zero-Day Attack: CVE-2024-55591","og_description":"Fortinet has confirmed a new critical zero-day vulnerability, CVE-2024-55591 affecting some of its firewalls and devices.","og_url":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2025-01-21T10:26:39+00:00","article_modified_time":"2025-01-21T10:26:40+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/01\/CVE-2024-55591-fortinet.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"Critical Zero-Day Vulnerability Exploited in Fortinet Devices","datePublished":"2025-01-21T10:26:39+00:00","dateModified":"2025-01-21T10:26:40+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/"},"wordCount":954,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/01\/CVE-2024-55591-fortinet.webp","articleSection":["Cyber Attack","Vulnerability"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/","url":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/","name":"Fortinet Firewalls Hit with New Zero-Day Attack: CVE-2024-55591","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/01\/CVE-2024-55591-fortinet.webp","datePublished":"2025-01-21T10:26:39+00:00","dateModified":"2025-01-21T10:26:40+00:00","description":"Fortinet has confirmed a new critical zero-day vulnerability, CVE-2024-55591 affecting some of its firewalls and devices.","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/01\/CVE-2024-55591-fortinet.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/01\/CVE-2024-55591-fortinet.webp","width":960,"height":620,"caption":"Zero-day Exploitation of CVE-2024-55591"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Critical Zero-Day Vulnerability Exploited in Fortinet Devices"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=3265"}],"version-history":[{"count":3,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3265\/revisions"}],"predecessor-version":[{"id":3270,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3265\/revisions\/3270"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/3267"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=3265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=3265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=3265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}