CVE-2024-55599 MEDIUM

Published: 2025-07-08 | Last Modified: 2026-06-09 | Status: Modified

Description

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.

Additional Descriptions (1)

Una comprobación de seguridad implementada incorrectamente para la vulnerabilidad estándar [CWE-358] en FortiOS versión 7.6.0, versión 7.4.7 y anteriores, 7.0 todas las versiones, 6.4 todas las versiones y FortiProxy versión 7.6.1 y anteriores, versión 7.4.8 y anteriores, 7.2 todas las versiones, 7.0 todas las versiones puede permitir que un usuario remoto no autenticado evite el filtro DNS a través de dispositivos Apple.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	LOW
Availability Impact	NONE

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 1.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-358

Affected Products

Vendor	Product	Version	Update	Type
fortinet	fortiproxy	*	<built-in method update of dict object at 0x7d1e643c0e00>	Application
fortinet	fortiproxy	*	<built-in method update of dict object at 0x7d1e5fe3d940>	Application
fortinet	fortisase	24.4.32	<built-in method update of dict object at 0x7d1e542c5c80>	Application
fortinet	fortios	*	<built-in method update of dict object at 0x7d1e357b0b00>	Operating System
fortinet	fortios	*	<built-in method update of dict object at 0x7d1e643c2240>	Operating System
fortinet	fortios	7.6.0	<built-in method update of dict object at 0x7d1e643c1140>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:fortinet:fortiproxy::::::::`
Yes	`cpe:2.3:a:fortinet:fortiproxy::::::::`
Yes	`cpe:2.3:a:fortinet:fortisase:24.4.32::::-:::`
Yes	`cpe:2.3:o:fortinet:fortios::::::::`
Yes	`cpe:2.3:o:fortinet:fortios::::::::`
Yes	`cpe:2.3:o:fortinet:fortios:7.6.0:::::::*`

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-053
Source: [email protected]

Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e