Authentication bypass vulnerability CVE-2024-55591 (CVSSv3.1 9.6/10 Critical) in Fortinet’s FortiOS versions 7.0.0-7.0.16 and FortiProxy versions 7.0.0-7.0.19 and 7.2.0-7.2.12 could allow a remote threat actor to obtain super-admin privileges via specially crafted requests to the Node.js websocket module. The vulnerability is currently exploited in the wild to create admin or local users on the impacted systems, add or change firewall policies and other settings, and log into the sslvpn to gain internal network access. As this vulnerability is currently being exploited in the wild and Fortinet flaws are often widely exploited by threat actors, the NJCCIC highly advises mitigating the vulnerability by upgrading impacted systems or applying the workarounds provided, including disabling public-facing firewall management access, disabling the HTTP/HTTPS administrative interface, or establishing IP address allowlists for access. Fortinet offers additional details and indicators of compromise in its FortiGuard Labs advisory.