
Cloud Vulnerability DB
A community-led vulnerabilities database
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] was discovered in FortiOS and FortiProxy that affects multiple versions of these products. The vulnerability was identified on July 8, 2025, and assigned CVE-2024-55599. This security flaw affects FortiOS versions 7.6.0, 7.4.7 and below, 7.0 all versions, 6.4 all versions, and FortiProxy versions 7.6.1 and below, 7.4.8 and below, 7.2 all versions, and 7.0 all versions. The vulnerability was internally discovered by Jonathan Hurley from the Fortinet Consulting System Engineer team (Fortinet PSIRT, NVD).
The vulnerability is classified as an Improperly Implemented Security Check for Standard (CWE-358) with a CVSS v3.1 Base Score of 5.3 (Medium). It specifically affects the DNS filter functionality when processing DNS type 65 resource record requests from Apple devices. This implementation flaw could allow an unauthorized user to bypass security controls (Fortinet PSIRT).
The vulnerability allows a remote unauthenticated user to bypass the DNS filter, specifically when using Apple devices. This bypass could lead to unauthorized access and compromise of the security filtering mechanisms in place (Fortinet PSIRT).
Fortinet has released patches to address this vulnerability. Users are advised to upgrade to the following versions: FortiOS 7.6.1 or above for the 7.6 branch, 7.4.8 or above for the 7.4 branch, and 7.2.11 or above for the 7.2 branch. For FortiProxy, upgrade to version 7.6.2 or above for the 7.6 branch, or 7.4.9 or above for the 7.4 branch. Users of FortiOS 7.0 and 6.4, and of FortiProxy 7.2 and 7.0, should migrate to a fixed release. FortiSASE users should update to version 24.4.b (Fortinet PSIRT).
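To check whether DNS type 65 requests for filtered names are appearing on a network, the following added example (not code from Fortinet or from this database) parses DNS queries in wire format and reports type 65 questions for names on a blocklist. The function names, the blocklist and the sample queries are constructed for illustration.

```python
import struct

QTYPE_HTTPS = 65  # HTTPS resource record (RFC 9460), the "type 65" named in the advisory

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Constructed sample input: a minimal one-question DNS query in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def parse_question(msg: bytes) -> tuple[str, int]:
    """Return (qname, qtype) of the first question; raise ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query carrying a question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad or compressed label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype

def is_blocked(qname: str, blocklist: set[str]) -> bool:
    """True if qname equals a blocked domain or is a subdomain of one."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def audit(messages: list[bytes], blocklist: set[str]) -> list[str]:
    """Blocklisted names that were requested with QTYPE 65."""
    hits = []
    for msg in messages:
        try:
            qname, qtype = parse_question(msg)
        except ValueError:
            continue  # skip malformed captures
        if qtype == QTYPE_HTTPS and is_blocked(qname, blocklist):
            hits.append(qname)
    return hits
```

Feed `audit` the UDP payloads of captured port 53 queries and the filter's blocked domain list; any hit is a name worth checking against the filter's logged verdict.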
Source: This report was generated using AI