Fortinet has disclosed information about two significant vulnerabilities affecting their FortiOS and FortiProxy systems. The company clarified that only one of these (CVE-2024-55591) was actively exploited as a zero-day vulnerability, while CVE-2025-24472 was patched in January.

Affected Systems and Versions:
– FortiOS: versions 7.0.0 through 7.0.16
– FortiProxy: versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12

Impact and Exploitation:
– Attackers could gain super-admin privileges
– Creation of unauthorized admin accounts
– Modification of firewall policies
– Unauthorized SSL VPN access
– Potential network infiltration

Attack Timeline (According to Arctic Wolf Labs):
1. Vulnerability Scanning: Nov 16-23, 2024
2. Reconnaissance: Nov 22-27, 2024
3. SSL VPN Configuration: Dec 4-7, 2024
4. Lateral Movement: Dec 16-27, 2024

Mitigation Steps:
1. Update to FortiOS 7.0.17 or higher
2. Update FortiProxy to version 7.0.20/7.2.13 or higher
3. Disable HTTP/HTTPS administrative interface
4. Implement IP-based access restrictions

Organizations using affected Fortinet products are strongly advised to implement these security measures immediately to protect their networks from potential breaches.