CVE-2024-55599

Summary

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.6.0affected
FortinetFortiOS7.4.0 <= 7.4.7affected
FortinetFortiOS7.2.0 <= 7.2.10affected
FortinetFortiOS7.0.0 <= 7.0.17affected
FortinetFortiOS6.4.0 <= 6.4.16affected
FortinetFortiProxy7.6.0 <= 7.6.1affected
FortinetFortiProxy7.4.0 <= 7.4.8affected
FortinetFortiProxy7.2.0 <= 7.2.14affected
FortinetFortiProxy7.0.0 <= 7.0.21affected

Weaknesses

  • CWE-358: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References