CVE-2024-55599

CWE-3584 documents4 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 79.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy Fortinet Fortisase

Timeline

PublishedJul 8

Description

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDfortinet/fortios6.4.0 — 7.2.11+2

▶NVDfortinet/fortiproxy7.0.0 — 7.4.9+1

▶CVEListV5fortinet/fortios7.4.0 — 7.4.7+4

▶CVEListV5fortinet/fortiproxy7.6.0 — 7.6.1+3

▶NVDfortinet/fortisase24.4.32

🔴Vulnerability Details

GHSA

GHSA-j5ff-wp9g-xph9: An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7↗2025-07-08

▶

CVEList

CVE-2024-55599: An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7↗2025-07-08

▶

📋Vendor Advisories

Fortinet

DNS type 65 resource record requests bypass DNS filter↗2025-07-08

▶