CVE-2024-55599: FortiOS and FortiProxy DNS Filter Bypass via Apple Devices

CVE-2024-55599: FortiOS and FortiProxy Vulnerable to DNS Filter Bypass on Apple Devices

A critical vulnerability has been identified in FortiOS and FortiProxy, potentially allowing unauthenticated remote attackers to bypass DNS filters when using Apple devices. This could lead to users accessing malicious websites or circumventing intended content restrictions. Let's dive into the details.

Vulnerability Details

• CVE ID: CVE-2024-55599
• Description: An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS and FortiProxy allows a remote, unauthenticated user to bypass the DNS filter via Apple devices.
• CVSS Score: 5.3 (Medium)
• CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
• CVSS Explanation:
  • AV:N (Network): The vulnerability is exploitable over the network.
  • AC:L (Low): No special conditions or mitigating factors are present to make exploitation more difficult.
  • PR:N (None): No privileges are required to exploit the vulnerability.
  • UI:N (None): User interaction is not required to exploit the vulnerability.
  • S:U (Unchanged): An exploited vulnerability can only affect resources managed by the same security authority.
  • C:N (None): There is no impact to data confidentiality.
  • I:L (Low): There is a limited impact on data integrity.
  • A:N (None): There is no impact to system availability.
  This means an attacker can potentially modify the websites a user visits, but cannot read sensitive information or disrupt services.
• Exploit Requirements: An attacker needs to be able to send network traffic to a vulnerable FortiOS or FortiProxy instance, with a client utilizing Apple Devices. No authentication is required.
• Affected Products:
  • FortiOS version 7.6.0
  • FortiOS version 7.4.7 and below
  • FortiOS version 7.0 (all versions)
  • FortiOS version 6.4 (all versions)
  • FortiProxy version 7.6.1 and below
  • FortiProxy version 7.4.8 and below
  • FortiProxy version 7.2 (all versions)
  • FortiProxy version 7.0 (all versions)
• CWE: CWE-358 - Improperly Implemented Security Check for Standard
• CWE Explanation: This CWE signifies that the security checks implemented to enforce a standard or policy are either missing, incomplete, or flawed, leading to potential bypasses or vulnerabilities.

Timeline of Events

• Reported: Early 2024 (estimated)
• Published: 2025-07-08
• Analysis Awaited: As of 2025-07-08, further analysis is pending.

Exploitability & Real-World Risk

The vulnerability's exploitability is high due to the lack of authentication requirements. In real-world scenarios, this could be exploited by attackers to redirect users to phishing sites, serve malware, or bypass content filtering policies intended to protect users and the network. Given the widespread use of Apple devices and Fortinet products, the potential impact is significant.

Recommendations

Fortinet has not yet released specific patches or workarounds as the analysis is still pending. However, the following general recommendations can help mitigate the risk:

• Monitor for Updates: Stay informed about official Fortinet advisories and apply patches as soon as they become available.
• Network Segmentation: Implement network segmentation to limit the impact of a potential breach.
• Monitor Network Traffic: Closely monitor DNS traffic for anomalies that might indicate exploitation attempts.
• Consider Alternative DNS Filtering: If possible, consider alternative DNS filtering solutions as a temporary measure.

Technical Insight

The root cause of this vulnerability lies in how FortiOS and FortiProxy validate DNS requests originating from Apple devices. The improper security check allows attackers to craft DNS queries that circumvent the intended filtering rules. Further technical details will likely be available once Fortinet releases its official advisory.

Credit to Researcher(s)

Credit for the discovery of this vulnerability goes to Fortinet's Product Security Incident Response Team (PSIRT).

References

• Fortinet Advisory FG-IR-24-053

Tags

#CVE-2024-55599 #FortiOS #FortiProxy #DNSFilter #Apple #Security #Vulnerability

Summary: CVE-2024-55599 is a medium-severity vulnerability in FortiOS and FortiProxy that allows unauthenticated attackers to bypass DNS filters using Apple devices. This could lead to users accessing malicious websites or circumventing intended content restrictions. Monitor for updates and consider implementing network segmentation to mitigate the risk.

CVE ID: CVE-2024-55599

Risk Analysis: Successful exploitation could lead to users accessing malicious websites or circumventing content filtering policies. This may compromise user security and expose the network to threats.

Recommendation: Monitor Fortinet's advisories for official patches and workarounds. In the meantime, implement network segmentation and closely monitor DNS traffic for anomalies.

Timeline

• 2025-07-08: CVE Published

References

• https://fortiguard.fortinet.com/psirt/FG-IR-24-053