VDB
CFADVISORY-CL-application-security-waf-waf-release-2025-02-18
PUBLISHED
Exploit Intelligence
- watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 (github-poc-repo)
- An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. (github-poc-repo)
- demonstrates how a VPN session can be taken over by abusing a swap cookie. Important: This project is intended exclusively for educational and research purposes; please use it only in environments where you are explicitly authorized. (github-poc-repo)
- build-script for CVE-2024-46507 and CVE-2024-46508 (github-poc-repo)
- 0x7556/CVE-2024-55591 (github-poc-repo)
- binarywarm/exp-cmd-add-admin-vpn-CVE-2024-55591 (github-poc-repo)
- A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices. (github-poc-repo)
- UMChacker/CVE-2024-55591-POC (github-poc-repo)
- SonicWall security audit toolkit with vulnerable CTF lab (CVE-2021-20038, CVE-2024-53704) (github-poc-repo)
- CVE-2024-57727 (github-poc)
…and 33 more exploits
Timeline
- Feb 18, 2025 CVE Published
References
- WAF - WAF Release - 2025-02-18 advisory