Fortinet Fixes Security Flaws in FortiSandbox, FortiOS, and Other Key Products

Fortinet’s Product Security Incident Response Team (PSIRT) recently addressed multiple critical vulnerabilities across its product portfolio, including high-risk flaws in FortiOS, FortiProxy, and FortiSandbox.

These patches reflect ongoing efforts to strengthen enterprise security infrastructure against evolving cyber threats.

Critical Vulnerabilities

CVE-2024-40591 (Critical CVSS 9.6)

Authentication bypass vulnerability in Node.js websocket module allowing unauthenticated attackers to gain super-admin privileges through crafted CSF requests. Affects:

• FortiOS 7.0.12-7.0.16
• FortiProxy 7.2.8-7.2.12

High-Severity Vulnerabilities

Key resolved issues include:

Remediation Measures

1. Immediate Patching
   Apply security updates through Fortinet’s official channels: bash# For FortiOS/FortiProxy execute upgrade https://<update-server>/patches/FG-IR-24-535.out Reference Fortinet’s Upgrade Path Tool for version guidance.
2. Attack Surface Reduction
   • Disable HTTP/HTTPS administrative interfaces
   • Implement local-in policies to restrict management access
3. Compromise Assessment
   Hunt for IOCs from Fortinet advisory FG-IR-24-535 including:
   • Unusual super-admin account activity
   • Websocket connections to suspicious IP ranges

Fortinet continues to demonstrate rapid response capabilities, with 17 new advisories addressing 18 vulnerabilities across 12 product lines in March 2025 alone.

Organizations using affected products should prioritize these updates given the critical nature of the authentication bypass flaws and evidence of active exploit.

Also Read: