Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/screaminggoat/statuses/113827171069136576">screaminggoat (screaminggoat@infosec.exchange)'s status on Tuesday, 14-Jan-2025 23:29:11 JST</a><a href="https://infosec.exchange/@screaminggoat" title="screaminggoat@infosec.exchange"><img src="https://gnusocial.jp/avatar/278335-48-20250102170004.webp" width="48" height="48" alt="screaminggoat" style="position: absolute; left: 0; top: 0;">screaminggoat</a><div><ul><li><li><a href="https://gnusocial.jp/user/38360" title="gossithedog@cyberplace.social">Kevin Beaumont</a></li><li><a href="https://gnusocial.jp/user/161036" title="cr0w@infosec.exchange">cR0w :cascadia:</a></li><li><a href="https://gnusocial.jp/user/232810" title="wdormann@infosec.exchange">Will Dormann</a></li></ul></div></section><article><p>Happy <a href="https://infosec.exchange/tags/ZeroDay" rel="tag">#ZeroDay</a> from your friends at Fortinet: <a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-535" rel="nofollow">Authentication bypass in Node.js websocket module</a><br>CVE-2024-55591 (CVSSv3.1: 9.8 critical) An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.</p><p>Please note that reports show this is being exploited in the wild.</p><p>Indicators of compromise include possible log entries, IP addresses used, and admin accounts created. cc: <a href="https://cyberplace.social/@GossiTheDog" rel="nofollow">@GossiTheDog</a> <a href="https://infosec.exchange/@wdormann">@wdormann</a> <a href="https://infosec.exchange/@cR0w">@cR0w</a> <a href="https://infosec.exchange/@briankrebs">@briankrebs</a> </p><p><a href="https://infosec.exchange/tags/zeroday" rel="tag">#zeroday</a> <a href="https://infosec.exchange/tags/patchtuesday" rel="tag">#patchtuesday</a> <a href="https://infosec.exchange/tags/fortinet" rel="tag">#fortinet</a> <a href="https://infosec.exchange/tags/vulnerability" rel="tag">#vulnerability</a> <a href="https://infosec.exchange/tags/CVE_2024_55591" rel="tag">#CVE_2024_55591</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a> <a href="https://infosec.exchange/tags/ioc" rel="tag">#ioc</a> <a href="https://infosec.exchange/tags/threatintel" rel="tag">#threatintel</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a> #</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4372942#notice-8552236">In conversation</a><time datetime="2025-01-14T23:29:11+09:00" title="Tuesday, 14-Jan-2025 23:29:11 JST">about 5 months ago</time> <span>from <span><a href="https://infosec.exchange/@screaminggoat/113827171069136576" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@screaminggoat/113827171069136576">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
screaminggoat (screaminggoat@infosec.exchange)'s status on Tuesday, 14-Jan-2025 23:29:11 JSTscreaminggoat
Happy #ZeroDay from your friends at Fortinet: Authentication bypass in Node.js websocket module
CVE-2024-55591 (CVSSv3.1: 9.8 critical) An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Please note that reports show this is being exploited in the wild.
Indicators of compromise include possible log entries, IP addresses used, and admin accounts created. cc: @GossiTheDog @wdormann @cR0w @briankrebs
#zeroday #patchtuesday #fortinet #vulnerability #CVE_2024_55591 #infosec #ioc #threatintel #infosec #cybersecurity #
In conversationabout 5 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice