CVE-2024-55591

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. Vendor/Product: Fortinet FortiOS and FortiProxy. Added to CISA KEV 2025-01-14; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.