CVE-2024-55597
📋 TL;DR
This path traversal vulnerability in Fortinet FortiWeb web application firewalls allows attackers to bypass directory restrictions and potentially execute unauthorized code or commands. It affects organizations running FortiWeb versions 7.0.0 through 7.6.0. Attackers can exploit this by sending specially crafted requests to vulnerable systems.
💻 Affected Systems
- Fortinet FortiWeb
📦 What is this software?
Fortiweb by Fortinet
Fortiweb by Fortinet
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, or lateral movement within the network.
Likely Case
Unauthorized file access, configuration modification, or limited command execution depending on system permissions.
If Mitigated
Attack blocked at perimeter with proper input validation and least privilege configurations in place.
🎯 Exploit Status
Path traversal vulnerabilities typically have low exploitation complexity once the vulnerable endpoint is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.6.1 and later
Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-439
Restart Required: Yes
Instructions:
1. Log into FortiWeb management interface. 2. Navigate to System > Dashboard. 3. Check for available firmware updates. 4. Download and install FortiWeb version 7.6.1 or later. 5. Reboot the device after installation completes.
🔧 Temporary Workarounds
Input Validation Rules
allImplement strict input validation rules to block path traversal patterns in requests.
Configure via FortiWeb GUI: Security > Server Policy > Edit Policy > Input Validation
Access Control Restrictions
allRestrict access to management interfaces and vulnerable endpoints using network ACLs.
Configure via FortiWeb GUI: System > Network > Interface > Access Control
🧯 If You Can't Patch
- Isolate vulnerable FortiWeb devices behind additional firewall layers with strict ingress/egress rules.
- Implement network segmentation to limit potential lateral movement if exploitation occurs.
🔍 How to Verify
Check if Vulnerable:
Check FortiWeb firmware version via GUI: System > Dashboard > Firmware Version, or CLI: get system statusCheck Version:
get system status | grep VersionVerify Fix Applied:
Confirm firmware version is 7.6.1 or later and test with known safe path traversal payloads.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns
- Requests containing '../' sequences
- Failed authentication attempts followed by path traversal patterns
Network Indicators:
- Unusual outbound connections from FortiWeb device
- Traffic patterns indicating file enumeration
SIEM Query:
source="fortiweb" AND ("../" OR "..\\" OR "%2e%2e%2f")