Fortinet closes security gaps in various products, attacks ongoing

Fortinet has released security updates for numerous products. At least one vulnerability is already under attack.

Stylized graphic: Burning appliances in the network

(Image: created with AI in Bing Designer by heise online / dmk)


Fortinet issued security bulletins on vulnerabilities in various products on Wednesday night. Some of the vulnerabilities are considered high-risk. At least one, the only one classified as "critical", is already being attacked by criminals on the Internet.

The vulnerability already under attack affects FortiOS and FortiProxy; Fortinet has accordingly updated a security advisory from January. It concerns an authentication bypass in the Node.js websocket module (CVE-2024-55591, CVSS 9.6, risk "critical"). The entry CVE-2025-24472 (CVSS 8.1, risk "high") has now been added. The manufacturer explains that attackers on the network can gain super-admin rights by sending manipulated requests to the Node.js websocket module or crafted CSF proxy requests.

According to Fortinet, this is already happening on the Internet. The advisory therefore lists Indicators of Compromise (IOCs) that admins can use to check whether they have already been attacked. FortiOS 7.0.0 to 7.0.16 is affected; version 7.0.17 or newer fixes the issue. For FortiProxy 7.2.0 to 7.2.12, version 7.2.13 closes the gap, and for FortiProxy 7.0.0 to 7.0.19, version 7.0.20 or newer.
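A quick way for admins to act on the version ranges above is to run their device inventory through a small checker. The following is an added example, not code from Fortinet or from the article: it encodes only the affected and fixed versions named in the text, parses the `vX.Y.Z,buildNNNN` style version strings FortiOS reports, and compares them as integer tuples rather than as strings (as strings, "7.0.2" sorts after "7.0.16", which would silently misclassify patched devices). The hostnames and build numbers in `INVENTORY` are constructed sample data.

```python
"""Triage FortiOS / FortiProxy version strings against the affected ranges
named in the article. Added example, not Fortinet or heise code."""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed) per branch, taken from the article.
# Branches the article does not mention (e.g. 7.2 for FortiOS) are reported as
# "unlisted", not as safe: consult the Fortinet advisory for those.
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 16), (7, 0, 17))],
    "FortiProxy": [
        ((7, 2, 0), (7, 2, 12), (7, 2, 13)),
        ((7, 0, 0), (7, 0, 19), (7, 0, 20)),
    ],
}

# Constructed sample inventory (hostnames and build numbers are made up).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.15,build0632"),
    ("fw-edge-02", "FortiOS", "v7.0.17,build0680"),
    ("fw-branch-03", "FortiOS", "v7.2.9,build1234"),
    ("proxy-dmz-01", "FortiProxy", "v7.2.9"),
    ("proxy-dmz-02", "FortiProxy", "v7.0.20"),
]


def parse_version(text: str) -> Version:
    """Extract the first x.y.z triple from strings such as 'v7.0.16,build0667'.

    Integer tuples compare numerically, so (7, 0, 2) < (7, 0, 16) as intended.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def check(product: str, version_text: str) -> Tuple[str, Optional[str]]:
    """Return ('affected', '<fixed version>') when the version falls inside an
    affected range from the article, otherwise ('unlisted', None)."""
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED[product]:
        if low <= v <= high:
            return ("affected", ".".join(str(n) for n in fixed))
    return ("unlisted", None)


def triage(inventory) -> List[Tuple[str, str, str, Optional[str]]]:
    """Annotate every (host, product, version) with its status and fixed release."""
    results = []
    for host, product, version_text in inventory:
        status, fixed = check(product, version_text)
        results.append((host, product, status, fixed))
    return results


if __name__ == "__main__":
    for host, product, status, fixed in triage(INVENTORY):
        target = f" -> upgrade to {fixed}" if fixed else ""
        print(f"{host:14} {product:11} {status}{target}")
```

Devices reported as "affected" should be patched and then checked against the IOCs in the Fortinet advisory, since a vulnerable version that has been exposed may already have been compromised before the update.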


The Fortinet PSIRT page lists many further updates for various products, including FortiAnalyzer, FortiPAM, FortiSwitchManager, FortiClientMac, FortiClientWindows, FortiSandbox and FortiManager. At times the page is somewhat unstable and returns only an error message, but it usually works again after a short while. Admins should go through the list and make sure the updates for the devices in their own networks are applied quickly.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.