CVE Catalog

CVE-2024-55599

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

44th percentile - higher than 44% of all known CVEs

Summary

FortiOS and FortiProxy have a vulnerability related to improperly implemented security checks that may allow a remote unauthenticated user to bypass the DNS filter using Apple devices.

Risk Assessment

Organizations may be exposed to attacks that exploit this vulnerability to bypass DNS security measures, potentially leading to unauthorized access to resources.

Recommendation

It is recommended to update FortiOS and FortiProxy to the latest versions to patch this vulnerability and to monitor network traffic for potential exploitation attempts.

Original NVD description (English source)

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS