Untitled attachment

Notices where this attachment appears

1. Embed this notice
   The Shadowserver Foundation (shadowserver@infosec.exchange)'s status on Monday, 20-Jan-2025 21:46:22 JST The Shadowserver Foundation

   We are sharing daily results of Fortinet CVE-2024-55591 (auth bypass) vulnerable instances in our Vulnerable HTTP report - https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/

   CVE-2024-55591 is known to be exploited in the wild & on @cisacyber KEV.

   Around 50K found vulnerable: Around 50K found vulnerable: https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2025-01-19&source=http_vulnerable&source=http_vulnerable6&tag=cve-2024-55591%2B&geo=all&data_set=count&scale=log

   Our test is based on the methodology published by
   @watchtowrcyber
   https://github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591/blob/main/CVE-2024-55591-check.py - thank you!

   CVE-2024-55591 vulnerability tracker: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2024-55591%2B&dataset=unique_ips&group_by=geo&style=stacked

   Fortinet advisory: https://fortiguard.com/psirt/FG-IR-24-535

   Make sure to check for signs of compromise!

   Additional background: https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/