CVE-2024-55599
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk44th percentile - higher than 44% of all known CVEs
Summary
FortiOS and FortiProxy have a vulnerability related to improperly implemented security checks that may allow a remote unauthenticated user to bypass the DNS filter using Apple devices.
Risk Assessment
Organizations may be exposed to attacks that exploit this vulnerability to bypass DNS security measures, potentially leading to unauthorized access to resources.
Recommendation
It is recommended to update FortiOS and FortiProxy to the latest versions to patch this vulnerability and to monitor network traffic for potential exploitation attempts.
Original NVD description (English source)
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.

