
Authentication Bypass Using an Alternate Path or Channel vulnerability 

Published:

Jan 25, 2025

Updated:

Aug 11, 2025

Who can use this content?

Businesses and Organizations | Critical Infrastructure | Government | SME Owners

Alert Status: Critical

Fortinet identified a critical vulnerability affecting FortiOS and FortiProxy products. This vulnerability poses a significant risk as it could compromise the confidentiality, integrity, or availability of affected systems.

The Department of Information and Communications Technology (DICT), through the National Cyber Security Center (NCSC), issues this advisory to alert all PNG Government departments, agencies, and organizations to a critical vulnerability discovered in FortiOS and FortiProxy products. This alert is intended for technical users.

Background

Fortinet, a prominent provider of security solutions like firewalls, endpoint security and intrusion detection systems, has identified a critical vulnerability affecting FortiOS and FortiProxy. The identified vulnerability is categorized under the Common Vulnerabilities and Exposures (CVE) system with the following reference number: CVE-2024-55591. The vulnerability may allow an unauthenticated remote attacker to gain “super-admin” privileges. 

Fortinet has already identified active exploitation of this critical vulnerability and has observed the following post-exploitation activities:

  1. Creating an admin account on the device with a random username.
  2. Creating a local user account on the device with a random name.
  3. Creating a user group, or adding the above local user to an existing SSL VPN user group.
  4. Adding or changing other settings (firewall policy, etc.).
  5. Logging in to the SSL VPN with the local users added above to obtain a tunnel into the internal network.
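As an added illustration (not part of the NCSC or Fortinet advisory), the following Python sketch correlates the post-exploitation sequence above against FortiOS-style key=value event logs. The field layout, the `member[->name]` attribute format and the sample log lines are constructed assumptions, and the random-name check is only a heuristic to prioritise review, not a definitive indicator.

```python
import re

# Constructed FortiOS-style event log lines (not real device output). The field
# names and the member[->name] attribute layout are assumptions for this example.
SAMPLE_LOGS = [
    'logdesc="Object attribute configured" user="admin" action="Add" cfgpath="system.admin" cfgobj="Xq7v2k" msg="Add system.admin Xq7v2k"',
    'logdesc="Object attribute configured" user="Xq7v2k" action="Add" cfgpath="user.local" cfgobj="h3Kt9p" msg="Add user.local h3Kt9p"',
    'logdesc="Object attribute configured" user="Xq7v2k" action="Edit" cfgpath="user.group" cfgobj="sslvpn_users" cfgattr="member[->h3Kt9p]" msg="Edit user.group sslvpn_users"',
    'logdesc="Object attribute configured" user="Xq7v2k" action="Add" cfgpath="firewall.policy" cfgobj="12" msg="Add firewall.policy 12"',
    'logdesc="SSL VPN tunnel up" user="h3Kt9p" group="sslvpn_users" action="tunnel-up" msg="SSL tunnel established"',
    'logdesc="Object attribute configured" user="admin" action="Edit" cfgpath="system.global" cfgobj="timezone" msg="Edit system.global"',
    'logdesc="Object attribute configured" user="admin" action="Add" cfgpath="system.admin" cfgobj="jsmith" msg="Add system.admin jsmith"',
]

KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')  # key="quoted" or key=bare

def parse_kv(line):
    """Turn one key=value log line into a dict (quoted or bare values)."""
    return {k: (q or u) for k, _, q, u in KV_RE.findall(line)}

def looks_random(name):
    """Heuristic for the 'random username' pattern in the advisory: a short
    alphanumeric name that mixes letters and digits (e.g. Xq7v2k)."""
    return (re.fullmatch(r'[A-Za-z0-9]{5,10}', name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))

def find_post_exploitation_chain(lines):
    """Walk the logs in order and flag the steps listed in the advisory,
    tying later steps (group membership, policy edits, VPN tunnel) back to
    accounts created earlier in the same log set."""
    new_admins, new_locals, findings = set(), set(), []
    def note(kind, subject):
        findings.append({'kind': kind, 'subject': subject, 'random_name': looks_random(subject)})
    for e in map(parse_kv, lines):
        path, act, obj = e.get('cfgpath'), e.get('action'), e.get('cfgobj', '')
        if path == 'system.admin' and act == 'Add':
            new_admins.add(obj); note('admin_created', obj)
        elif path == 'user.local' and act == 'Add':
            new_locals.add(obj); note('local_user_created', obj)
        elif path == 'user.group' and 'sslvpn' in obj.lower():
            m = re.search(r'member\[->(\w+)\]', e.get('cfgattr', ''))
            if m and m.group(1) in new_locals:
                note('new_user_added_to_sslvpn_group', m.group(1))
        elif path == 'firewall.policy' and e.get('user') in new_admins:
            note('policy_change_by_new_admin', obj)
        elif act == 'tunnel-up' and e.get('user') in new_locals:
            note('sslvpn_tunnel_by_new_user', e['user'])
    return findings

if __name__ == '__main__':
    for f in find_post_exploitation_chain(SAMPLE_LOGS):
        print(f)
```

The final sample line shows the intended behaviour for a legitimate-looking account creation: it is still reported for review, but with `random_name` set to False.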

Affected versions or applications: 

| Product | Version | Solution |
| --- | --- | --- |
| FortiOS | 7.0.0 through 7.0.16 | Upgrade to 7.0.17 or above |
| FortiProxy | 7.2.0 through 7.2.12 | Upgrade to 7.2.13 or above |
| FortiProxy | 7.0.0 through 7.0.19 | Upgrade to 7.0.20 or above |

Mitigation

To safeguard your organization’s systems and data, DICT and NCSC strongly recommend taking the following actions: 

  1. Follow Fortinet’s published advice for affected versions.
  2. Upgrade affected FortiOS and FortiProxy installations to the fixed versions listed above.
  3. Monitor and investigate for suspicious activity in connected environments.

For more detailed information and specific instructions regarding the vulnerability and updates, we encourage you to refer to Fortinet’s published advisory, titled “Authentication bypass in Node.js websocket module”.

Prompt action is crucial in addressing these critical vulnerabilities to ensure the security and stability of your organization’s systems and data. By remaining vigilant and keeping your infrastructure up-to-date, you can effectively safeguard against potential cyber threats. The NCSC and the Department of ICT are dedicated to promoting a secure digital environment, and we encourage all stakeholders to adhere to the recommended actions for enhanced cybersecurity resilience. 

For any further assistance or inquiries, please reach out to the National Cyber Security Center (NCSC). Together, let us prioritize cybersecurity and protect Papua New Guinea’s digital landscape.