Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
What it is
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Known to be used in ransomware campaigns.Active threat actors have chained this vulnerability into ransomware operations — treat patching as a same-week priority, not a "next maintenance window" task. The coping action is the same one below; the urgency is higher.
Who's affected
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
What to do
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA action deadline: January 21, 2025. Federal agencies must complete the required action by this date. For private SMBs the deadline is advisory — but treat it as a strong recommendation, especially if you handle regulated data (HIPAA, GLBA, ABA model rules).
If you don't have someone in-house to verify the patch deployed across every endpoint — or you're not sure whether you're affected — that's exactly the kind of triage we do. Book a free 20-minute triage call.
Severity
CVSS base score: 9.8 — CRITICAL
Weakness classification: CWE-288
Source
Pulled daily from the public cisagov/kev-data mirror (CC0). View the original entry on cisa.gov. CISA KEV is US-Government public-domain data; we add the SMB-vertical framing and the coping action above.