CVE-2024-55591 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
fortinet	CNA	9.6 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
fortinet	fortiproxy	7.0.0 ≤ 𝑥 < 7.0.20
fortinet	fortiproxy	7.2.0 ≤ 𝑥 < 7.2.13
fortinet	fortios	7.0.0 ≤ 𝑥 < 7.0.17

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-288 - Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Vulnerability Media Exposure

[GERMAN] 20 Prozent mehr ausgenutzte Schwachstellen im KEV-Katalog der CISA
Mit ihrem Katalog der „Known Exploited Vulnerabilities“ leistet die CISA einen wichtigen Beitrag für die Sicherheit der USA und hilft auch Unternehmen weltweit dabei, Sicherheitslücken zu priorisieren. Das waren die Highlights des Katalogs aus 2025.
Published: 2026-01-16T16:00:00+01:00

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591