This script is a Proof of Concept (PoC) designed to test and exploit the CVE-2024-55591 vulnerability in vulnerable versions of FortiOS and FortiProxy. It bypasses authentication on Fortinet devices running vulnerable firmware, potentially allowing unauthorized access to sensitive management interfaces.
Warning: This PoC is intended for educational purposes and to demonstrate the exploitability of the CVE. It should only be used in a controlled environment with explicit permission from the target system's owner.
- FortiOS: v7.0.0 to v7.0.16
- FortiProxy: v7.0.0 to v7.0.19, v7.2.0 to v7.2.12
For more information about this vulnerability, refer to the FortiGuard PSIRT advisory.
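The affected-version ranges above are the only fact a defender needs in order to triage an inventory before anyone points an exploit at a device. The following is an added example (not part of this repository) that takes the ranges exactly as listed on this page, interprets each "a to b" range as inclusive, and flags hosts in a constructed CSV inventory of the form `hostname,product,version`. The inventory rows are made-up sample data, and the CSV layout and function names are assumptions for illustration.

```python
import re

# Affected ranges for CVE-2024-55591 as listed above (assumed inclusive):
# product -> list of (lowest_affected, highest_affected) version tuples.
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 16))],
    "FortiProxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}

# Constructed sample inventory (not real hosts): hostname,product,version
SAMPLE_INVENTORY = """\
# host,product,version
fw-edge-01,FortiOS,v7.0.12
fw-edge-02,FortiOS,v7.0.17
proxy-dc-01,FortiProxy,7.2.12
proxy-dc-02,FortiProxy,7.2.13
fw-lab-01,FortiOS,7.4.3
"""


def parse_version(text):
    """Extract the first x.y.z version from strings like 'v7.0.16' or 'FortiOS 7.0.16'."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(product, version):
    """True if the (product, version) pair falls inside any listed affected range."""
    v = parse_version(version)
    for lowest, highest in AFFECTED.get(product, []):
        # Tuple comparison gives correct numeric ordering, e.g. (7,0,9) < (7,0,16).
        if lowest <= v <= highest:
            return True
    return False


def triage(inventory_csv):
    """Return the hostnames from a CSV inventory that run an affected version."""
    affected_hosts = []
    for line in inventory_csv.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = (field.strip() for field in line.split(","))
        if is_affected(product, version):
            affected_hosts.append(host)
    return affected_hosts


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2024-55591, patch or isolate management interface")
```

Products not present in the table (or versions such as FortiOS 7.2.x, which this page does not list as affected) are reported as not affected, so keep the table in sync with the vendor advisory rather than treating a "clean" result as proof of safety.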
The script requires the following Python libraries to be installed:
- requests: A simple HTTP library to make requests to the target system.
- urllib3: To handle SSL certificates and HTTP requests securely.
You can install these dependencies via pip:

```
pip install requests urllib3
```
The script handles WebSocket connections for exploitation and optionally uses SSL to connect to the target system.
- Clone the repository (or copy the script):

```
git clone https://github.com/rawtips/CVE-2024-55591.git
cd CVE-2024-55591
```

- Run the exploit:

```
python3 exploit.py
```
- The script will guide you through a series of prompts to gather input:
  - Target IP/Hostname: Enter the IP address or hostname of the target system.
  - Ports: Input a port to connect to (usually the management port, like `443` for SSL).
  - SSL Option: Choose whether to use SSL (recommended for secure connections).
  - Command Selection: Choose an initial command to run on the target system after successful exploitation (e.g., `get system info`, `execute reboot`).
  - Post-Exploitation: Optionally run additional commands (e.g., diagnostic tools, shell access).
- Exploitation Process:
  - The script will attempt to connect to the target system's management interface and exploit CVE-2024-55591 by bypassing the login mechanism.
  - Once connected, it will send the initial command and, if desired, execute post-exploitation commands.
- Pre-flight Checks:
  - The script will check if the target system is running a vulnerable version of FortiOS or FortiProxy on the specified port.
  - If it detects the target system and verifies it's running the vulnerable software version, it proceeds with the exploitation.
- WebSocket Connection:
  - After the pre-flight check, the script establishes a WebSocket connection to the management interface.
- Exploitation:
  - Once connected, the script sends the required login context and then sends a predefined or custom command (such as `get system info`) to the target.
- Post-Exploitation:
  - If post-exploitation is enabled, the script will run additional commands on the target system to gather further information or provide shell access.
- Legal Warning: You must have permission to test and exploit the target system. Unauthorized access or actions may be illegal and unethical.
- Intended Use: This PoC is for educational purposes only and should only be used in a safe, controlled environment.
- Target Systems: This PoC is intended for FortiOS and FortiProxy systems running the affected versions listed above. It will not work on patched or updated systems.