{"id":"CVE-2024-55591","details":"An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.","modified":"2026-05-04T08:48:35.592703Z","published":"2025-01-14T14:15:34.450Z","withdrawn":"2026-05-04T08:48:35.592703Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591"},{"type":"ADVISORY","url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"7.0.0"},{"fixed":"7.0.20"}]},{"events":[{"introduced":"7.2.0"},{"fixed":"7.2.13"}]},{"events":[{"introduced":"7.0.0"},{"fixed":"7.0.17"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55591.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}