CVE-2024-55599 – This vulnerability allows remote unauthenticate... (How to Fix)

Q: What is the severity of CVE-2024-55599?

CVE-2024-55599 has a CVSS score of 5.3 (MEDIUM). This vulnerability allows remote unauthenticated attackers to bypass DNS filtering protections on Fortinet devices when Apple devices are used. It affects FortiOS and FortiProxy across multiple versions due to improper security check implementation. Organizations using these products with Apple devices in their network are at risk.

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to bypass DNS filtering protections on Fortinet devices when Apple devices are used. It affects FortiOS and FortiProxy across multiple versions due to improper security check implementation. Organizations using these products with Apple devices in their network are at risk.

💻 Affected Systems

Products:

FortiOS
FortiProxy

Versions: FortiOS: 7.6.0, 7.4.7 and below, 7.0 all versions, 6.4 all versions; FortiProxy: 7.6.1 and below, 7.4.8 and below, 7.2 all versions, 7.0 all versions

Operating Systems: FortiOS (Fortinet OS), FortiProxy (Fortinet OS)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires Apple devices (iOS, macOS) to trigger the vulnerability. DNS filtering must be enabled and configured.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could bypass DNS filtering to access malicious domains, potentially leading to malware infections, data exfiltration, or command and control communications.

🟠

Likely Case

Users could bypass corporate DNS filtering policies to access blocked websites or services, compromising security policies.

🟢

If Mitigated

With proper network segmentation and additional security controls, impact is limited to DNS filtering bypass only.

🌐 Internet-Facing: MEDIUM - Requires Apple devices to trigger the bypass, but remote unauthenticated access makes internet-facing devices vulnerable.

🏢 Internal Only: MEDIUM - Internal Apple devices could be used to bypass DNS filtering policies within the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vulnerability is triggered by Apple devices making DNS requests. No authentication required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS 7.6.1, 7.4.8, 7.2.7, 7.0.14, 6.4.15; FortiProxy 7.6.2, 7.4.9, 7.2.8, 7.0.15

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-053

Restart Required: Yes

Instructions:

1. Download appropriate firmware version from Fortinet support portal. 2. Backup current configuration. 3. Upload and install firmware update via web interface or CLI. 4. Reboot device after installation. 5. Verify DNS filtering functionality.

🔧 Temporary Workarounds

Restrict Apple Device Access

all

Temporarily block or restrict Apple devices from accessing DNS filtering services

config firewall address
edit apple-device-block
set type ipmask
set subnet 192.168.1.0 255.255.255.0
next
config firewall policy
edit 0
set srcaddr apple-device-block
set action deny
set service DNS
end

Enable Additional DNS Security

all

Implement DNSSEC or use additional DNS security layers

config system dns-database
edit dnssec-profile
set dnssec enable
set dnssec-mode validate
end

🧯 If You Can't Patch

Implement network segmentation to isolate Apple devices from critical resources
Deploy additional DNS filtering solutions as a compensating control

🔍 How to Verify

Check if Vulnerable:

Check FortiOS/FortiProxy version via web interface or CLI. If running affected versions and DNS filtering is enabled, system is vulnerable.

Check Version:

get system status | grep Version

Verify Fix Applied:

After patching, test DNS filtering with Apple devices to confirm bypass is no longer possible.

📡 Detection & Monitoring

Log Indicators:

DNS queries from Apple devices bypassing filter policies
Unexpected successful DNS resolutions to blocked domains

Network Indicators:

DNS traffic from Apple devices to unexpected external resolvers
Increased DNS query volume from Apple devices

SIEM Query:

source="fortigate" (dns.query="*blocked-domain*" AND device.vendor="Apple")

📊 Metadata

CVE ID: CVE-2024-55599

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE: CWE-358

EPSS Score: 0.05% exploit probability (13.9th percentile)

Published: July 8, 2025

Last Updated: July 22, 2025

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-24-053 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-55599, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortisase by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Apple Device Access

Enable Additional DNS Security

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities