PatchSiren cyber security CVE debrief
CVE-2024-55591 Fortinet CVE debrief
CVE-2024-55591 is a Fortinet FortiOS and FortiProxy authentication bypass vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-01-14. Because it is a KEV-listed issue and marked as having known ransomware campaign use, organizations should treat it as an urgent remediation priority and follow Fortinet’s vendor guidance immediately.
- Vendor: Fortinet
- Product: FortiOS and FortiProxy
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2025-01-14
- Original CVE updated: 2025-01-14
- Advisory published: 2025-01-14
- Advisory updated: 2025-01-14
Who should care
Organizations running FortiOS or FortiProxy, especially internet-facing deployments; security operations teams; vulnerability management teams; incident responders; and managed service providers responsible for Fortinet perimeter devices.
Technical summary
The vulnerability is described as an authentication bypass affecting Fortinet FortiOS and FortiProxy. The supplied corpus does not include exploit mechanics, affected version ranges, or remediation version numbers, so defensive handling should rely on the Fortinet PSIRT advisory and CISA KEV guidance rather than assumptions. Its KEV status indicates known exploitation in the wild, which materially raises urgency.
Defensive priority
Critical. The CVE is in CISA KEV with a remediation due date of 2025-01-21 and is marked for known ransomware campaign use, so exposure should be prioritized immediately.
Recommended defensive actions
- Review the Fortinet PSIRT advisory referenced in the source metadata (FG-IR-24-535) and apply vendor-recommended mitigations as soon as possible.
- If mitigations are unavailable or cannot be applied promptly, follow CISA guidance and discontinue use of the affected product until risk is reduced.
- Identify all FortiOS and FortiProxy assets in your environment, with special attention to internet-facing and externally reachable systems.
- Increase monitoring for suspicious authentication activity, unexpected administrative access, and configuration changes on Fortinet devices.
- Track remediation against the CISA KEV due date of 2025-01-21 and escalate any unremediated exposure as a priority incident risk.
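As an added example (not part of this debrief, nor CISA or Fortinet tooling), the following Python cross-references a KEV-style record for this CVE against an asset inventory and flags unmitigated Fortinet hosts, escalating those that are internet-facing, ransomware-linked, or past the 2025-01-21 due date. The field names follow CISA's published KEV JSON feed; the record values are limited to what this debrief states, and the inventory hosts are constructed.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed: field names are the
# feed's, values are only those stated in this debrief.
KEV_FEED = json.loads("""{"vulnerabilities": [{
  "cveID": "CVE-2024-55591", "vendorProject": "Fortinet",
  "product": "FortiOS and FortiProxy", "dateAdded": "2025-01-14",
  "dueDate": "2025-01-21", "knownRansomwareCampaignUse": "Known",
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."
}]}""")

# Constructed asset inventory. "mitigated" means the vendor mitigation was
# confirmed applied on the device, not merely scheduled.
INVENTORY = [
    {"host": "fw-edge-01", "vendor": "Fortinet", "product": "FortiOS",
     "internet_facing": True, "mitigated": False},
    {"host": "proxy-dc-02", "vendor": "Fortinet", "product": "FortiProxy",
     "internet_facing": False, "mitigated": True},
    {"host": "sw-core-01", "vendor": "ExampleVendor", "product": "SwitchOS",
     "internet_facing": False, "mitigated": False},
]


def kev_entries_for(feed, vendor):
    """Return KEV entries whose vendorProject matches, case-insensitively."""
    return [v for v in feed["vulnerabilities"]
            if v["vendorProject"].lower() == vendor.lower()]


def _product_matches(entry_product, asset_product):
    # KEV may list several products in one string ("FortiOS and FortiProxy").
    return asset_product.lower() in entry_product.lower()


def exposure_report(feed, inventory, today_iso):
    """One row per unmitigated (asset, KEV entry) pair with due-date status."""
    today = date.fromisoformat(today_iso)
    rows = []
    for asset in inventory:
        if asset["mitigated"]:
            continue
        for entry in kev_entries_for(feed, asset["vendor"]):
            if not _product_matches(entry["product"], asset["product"]):
                continue
            days_overdue = (today - date.fromisoformat(entry["dueDate"])).days
            ransomware = entry["knownRansomwareCampaignUse"] == "Known"
            rows.append({
                "host": asset["host"], "cve": entry["cveID"],
                "days_overdue": days_overdue,
                # Escalate when past the KEV due date, exposed, or ransomware-linked.
                "escalate": days_overdue > 0 or asset["internet_facing"] or ransomware,
                "required_action": entry["requiredAction"],
            })
    return rows
```

Feeding the real KEV feed in place of the constructed record changes nothing in the logic; only the inventory needs to reflect your own devices.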
Evidence notes
The corpus identifies CVE-2024-55591 as a Fortinet FortiOS and FortiProxy authentication bypass vulnerability and records it in the CISA Known Exploited Vulnerabilities catalog on 2025-01-14. CISA metadata marks the issue as having known ransomware campaign use and directs organizations to apply vendor mitigations or discontinue use if mitigations are unavailable. The source metadata also references the Fortinet PSIRT advisory FG-IR-24-535 and the NVD record for CVE-2024-55591.
Official resources
- CVE-2024-55591 CVE record (CVE.org)
- CVE-2024-55591 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Source item URL: cisa_kev
CVE-2024-55591 was published on 2025-01-14 and entered CISA’s KEV catalog the same day, indicating immediate defensive urgency.