studentuser
New Member
January 24, 2025
Solved

Should I upgrade FortiOS for vulnerability CVE-2024-55591?

  • January 24, 2025
  • 2 replies
  • 3507 views

Hi, I read the CVE article below and wonder if I need to upgrade FortiOS:
Fortinet Security Advisory: FG-IR-24-535

My FortiOS version is 7.0.16, and the HTTP/HTTPS administrative interface is enabled only on the LAN interface (disabled on the WAN interface).

Do I need to upgrade FortiOS to protect against this vulnerability?

Best answer by Hatibi

2 replies

Hatibi
Staff & Editor
January 24, 2025

Even if HTTP/HTTPS is enabled only on a LAN interface, there is still a risk of exposure, since that vulnerability can be exploited from the internal interface.

I would suggest applying local-in policies as provided in the 'Workaround' section of https://fortiguard.fortinet.com/psirt/FG-IR-24-535, where you specify the addresses allowed to communicate with that interface for administration purposes internally.

Alternatively, you can upgrade to 7.0.17, where the vulnerability is patched.

studentuser
New Member
January 28, 2025

Hi, Hatibi. Thank you for your reply.

> Even if HTTP/HTTPS is enabled only on a LAN interface, there is still a risk of exposure, since that vulnerability can be exploited from the internal interface.

I forgot about the risk of exposure from the internal interface.

Thank you.

dingjerry_FTNT
Staff
January 24, 2025

Hi @studentuser,

The vulnerability CVE-2024-55591 is covered by our PSIRT advisory FG-IR-24-535. For more info, please check this:

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

The severity is Critical, so I would recommend you upgrade the FortiGate to fix this vulnerability.

At the very least, you should apply the workaround as soon as possible.

studentuser
New Member
February 8, 2025
@dingjerry_FTNT wrote:

> Hi @studentuser,
>
> The vulnerability CVE-2024-55591 is covered by our PSIRT advisory FG-IR-24-535. For more info, please check this:
>
> https://fortiguard.fortinet.com/psirt/FG-IR-24-535
>
> The severity is Critical, so I would recommend you upgrade the FortiGate to fix this vulnerability.
>
> At the very least, you should apply the workaround as soon as possible.


Hi dingjerry_FTNT,

I've already read the articles and looked up more information. I understand it and have decided to upgrade FortiOS as soon as possible. Thank you for your reply.

Best Regards.