studentuser
New Contributor II

Should I upgrade FortiOS for vulnerability CVE-2024-55591?

Hi, I read the CVE article below and wonder if I need to upgrade FortiOS:
Fortinet Security Advisory: FG-IR-24-535

My FortiOS version is 7.0.16, and the HTTP/HTTPS administrative interface is enabled only on the LAN interface (disabled on the WAN interface).

Do I need to upgrade FortiOS to protect against this vulnerability?

4 REPLIES 4
Hatibi
Staff

Even if HTTP/HTTPS is enabled on a LAN interface, there is still a risk of exposure since that vulnerability can be exploited from the internal interface.

I would suggest applying local-in policies as provided in the 'Workaround' section of https://fortiguard.fortinet.com/psirt/FG-IR-24-535, where you will specify the addresses allowed to communicate with that interface for administration purposes internally.

Alternatively you can upgrade to 7.0.17 where the vulnerability is patched.
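
A sketch of the kind of local-in policy the answer above refers to, added here as an example; it is not part of the original post and is not copied from the advisory. The interface name `lan`, the object names and the 192.0.2.0/24 management subnet are placeholders to replace with your own values.

```fortios
# Added example. Lines starting with '#' are annotations, not commands.
# Placeholder object: the hosts that are allowed to administer the FortiGate.
config firewall address
    edit "mgmt_hosts"
        set subnet 192.0.2.0 255.255.255.0
    next
end

config firewall addrgrp
    edit "MGMT_IPs"
        set member "mgmt_hosts"
    next
end

config firewall local-in-policy
    # Policy 1: allow HTTP/HTTPS to the FortiGate itself only from MGMT_IPs.
    edit 1
        set intf "lan"
        set srcaddr "MGMT_IPs"
        set dstaddr "all"
        set service "HTTPS" "HTTP"
        set schedule "always"
        set action accept
        set status enable
    next
    # Policy 2: deny HTTP/HTTPS to the FortiGate itself from every other source
    # on the same interface. Local-in policies are matched in order, so the
    # accept entry must stay above this one.
    edit 2
        set intf "lan"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "HTTP"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

The predefined HTTPS and HTTP services match the default ports only; if the administrative GUI listens on custom ports, a custom service object for those ports has to be used in both policies instead.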

 

studentuser
New Contributor II

Hi, Hatibi. Thank you for your reply.

> Even if HTTP/HTTPS is enabled in a LAN interface, there is still a risk of exposure since that vulnerability can be exploited from the internal interface.

I forgot about the risk of exposure from the internal interface.

Thank you.

dingjerry_FTNT

Hi @studentuser,

The vulnerability CVE-2024-55591 is in our PSIRT FG-IR-24-535. For more info please check this:

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

The Severity is Critical. So I would recommend you upgrade the FortiGate to fix this vulnerability.

At least, you should apply the workaround as soon as possible.

Regards,

Jerry
studentuser

@dingjerry_FTNT wrote:

> Hi @studentuser,
>
> The vulnerability CVE-2024-55591 is in our PSIRT FG-IR-24-535. For more info please check this:
>
> https://fortiguard.fortinet.com/psirt/FG-IR-24-535
>
> The Severity is Critical. So I would recommend you upgrade the FortiGate to fix this vulnerability.
>
> At least, you should apply the workaround as soon as possible.


Hi dingjerry_FTNT,

I've already read the articles and I've looked up more information. I understand it and I have decided to upgrade FortiOS as soon as possible. Thank you for your reply.

Best Regards.
