Fortinet FortiOS Critical Vulnerability Advisory — Action Required for Singapore Businesses
Two critical FortiOS vulnerabilities (CVE-2024-55591 and CVE-2024-21762, both CVSS 9.6) are being actively exploited. Singapore businesses running FortiGate appliances must patch immediately. This advisory covers affected versions, indicators of compromise, and step-by-step remediation.
⚠️ Advisory Level: CRITICAL — Patch immediately if running affected FortiOS versions.
Fortinet has disclosed multiple critical vulnerabilities in FortiOS affecting SSL-VPN and the management interface. Two vulnerabilities — CVE-2024-55591 and CVE-2024-21762 — are rated CVSS 9.6 and have been confirmed as actively exploited in the wild by threat actors targeting enterprise networks across Asia-Pacific, including Singapore.
What is affected?
| CVE | CVSS Score | Component | Impact |
|---|---|---|---|
| CVE-2024-55591 | 9.6 Critical | FortiOS / FortiProxy WebSocket | Authentication bypass — unauthenticated RCE via WebSocket module |
| CVE-2024-21762 | 9.6 Critical | FortiOS SSL-VPN | Out-of-bounds write — unauthenticated RCE via SSL-VPN interface |
Affected FortiOS versions
- FortiOS 7.4.0 to 7.4.2 — upgrade to 7.4.3 or later
- FortiOS 7.2.0 to 7.2.6 — upgrade to 7.2.7 or later
- FortiOS 7.0.0 to 7.0.13 — upgrade to 7.0.14 or later
- FortiOS 6.4.x — upgrade to 6.4.15 or later
What attackers can do if exploited
Successful exploitation of CVE-2024-55591 allows an unauthenticated remote attacker to gain super-admin privileges on the FortiGate device. Observed post-exploitation activity in the wild has included:
- Creating new administrator accounts with randomised usernames
- Adding SSL-VPN portals pointing to attacker-controlled IP addresses
- Exfiltrating firewall configurations and network topology data
- Pivoting laterally to internal systems through the compromised perimeter
Immediate actions — what to do today
- Audit your FortiOS version — log into your FortiGate and check System > Dashboard > Status.
- Patch immediately — upgrade to a patched version. If a maintenance window is required, implement the interim workaround below.
- Interim workaround — disable HTTP/HTTPS administrative access from the internet:

  ```
  config system global
      set admin-sport 0
  end
  ```
- Review admin accounts — check System > Administrators for any accounts you do not recognise. Delete them immediately if found.
- Check firewall logs — look for connections to the management interface from external IP addresses, especially outside business hours.
Indicators of compromise
- Unexpected admin accounts in System > Administrators with random 8-character usernames
- New SSL-VPN portals under VPN > SSL-VPN Portals pointing to unknown IP ranges
- Log entries showing successful admin logins from unfamiliar public IPs
- Firewall policy rule changes you did not authorise
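
The log-based indicators above can be checked mechanically. The following Python is an added example, not code from this advisory or from Fortinet; the sample lines are constructed, and the field names (`srcip`, `action`, `status`, `cfgpath`, `cfgobj`) and the trusted management range `10.20.0.0/24` are assumptions to map onto your own log export.

```python
import ipaddress
import re

# Assumption: management logins are only expected from these networks.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample event lines, not real logs. Field names (srcip, action,
# status, cfgpath, cfgobj) are assumed; map them to your own log export.
SAMPLE_LOG = """\
date=2025-01-14 time=10:02:11 type="event" user="netops" srcip=10.20.0.15 action="login" status="success"
date=2025-01-15 time=02:47:09 type="event" user="admin" srcip=203.0.113.77 action="login" status="success"
date=2025-01-15 time=02:47:31 type="event" user="admin" srcip=203.0.113.77 action="Add" cfgpath="system.admin" cfgobj="Kx7pQ2mZ"
date=2025-01-15 time=02:48:02 type="event" user="admin" srcip=203.0.113.77 action="Add" cfgpath="vpn.ssl.web.portal" cfgobj="portal-x"
date=2025-01-15 time=09:15:40 type="event" user="netops" srcip=198.51.100.9 action="login" status="failed"
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value event line into a dict, handling quoted values."""
    return {k: q or b for k, q, b in KV.findall(line)}

def is_trusted(ip_text):
    """True only if the source parses as an IP inside a trusted management net."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # missing or malformed source is treated as untrusted
    return any(ip in net for net in TRUSTED_MGMT_NETS)

def triage(log_text):
    """Return (timestamp, finding, detail) tuples for the indicators listed above."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        ts = f"{ev.get('date', '?')} {ev.get('time', '?')}"
        action, path = ev.get("action", "").lower(), ev.get("cfgpath", "")
        if action == "login" and ev.get("status") == "success" and not is_trusted(ev.get("srcip", "")):
            findings.append((ts, "admin-login-untrusted-src", ev.get("srcip", "")))
        elif action == "add" and path == "system.admin":
            name = ev.get("cfgobj", "")
            kind = "admin-added-8char" if re.fullmatch(r"[A-Za-z0-9]{8}", name) else "admin-added"
            findings.append((ts, kind, name))
        elif action == "add" and path == "vpn.ssl.web.portal":
            findings.append((ts, "sslvpn-portal-added", ev.get("cfgobj", "")))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The trusted range is an explicit allowlist rather than a private-address test, so a login from any address outside your jump-host network is surfaced for review.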
Context: why Singapore networks are targeted
Singapore's position as a regional financial hub and data centre cluster makes its networks a high-value target. The Cyber Security Agency of Singapore (CSA) has previously issued advisories urging organisations to treat Fortinet vulnerabilities with priority, noting that Singapore-based IP ranges are actively scanned for known CVEs within hours of public disclosure.
Organisations running FortiGate appliances as their primary perimeter firewall — common in hotel groups, financial services firms, and managed service environments — are at elevated risk if SSL-VPN is enabled and accessible from the internet.
Longer-term hardening
- Restrict management interface access to internal or jump-host IPs only — never expose FortiGate admin to the public internet
- Enable two-factor authentication on all administrator accounts
- Subscribe to Fortinet PSIRT advisories at psirt.fortinet.com
- Include FortiOS firmware in your quarterly patch management cycle
- Deploy FortiAnalyzer or a SIEM to retain and monitor firewall logs for anomalous access patterns
Need help patching or assessing your FortiGate environment?
AGR Networks provides emergency patching assistance and post-compromise assessments for FortiOS environments across Singapore. Our engineers hold Fortinet NSE certifications and can assist with version upgrades, IoC analysis, and hardening reviews.