What is it?
Fortinet offers virtual private network (SSL VPN) and firewall products as part of FortiOS and FortiProxy.
Why is it a risk?
An attacker can gain super-admin privileges via crafted requests to the Node.js websocket module. More details about the threat may be available from the NIST link below.
This is considered a CRITICAL problem of VERY HIGH risk.
How can you mitigate the risk?
The only mitigation is to upgrade to the latest version of FortiOS or FortiProxy (link below).
Resources:
National Institute of Standards and Technology (NIST) threat overview
https://nvd.nist.gov/vuln/detail/CVE-2024-55591
Fortinet