Fortinet FortiOS
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*
- 7.6.0
- ~7.4
- ~7.2
- ~7.0
- ~6.4
A vulnerability allowing remote unauthenticated users to bypass the DNS filter on Apple devices has been identified in Fortinet FortiOS and FortiProxy. This issue arises from an improperly implemented security check and affects FortiOS versions 7.6.0, 7.4.7 and below, 7.0 (all versions), 6.4 (all versions), as well as FortiProxy versions 7.6.1 and below, 7.4.8 and below, 7.2 (all versions) and 7.0 (all versions).
Exploitation of this vulnerability allows for improper access control, enabling users to bypass DNS filtering.
Users can upgrade Fortinet FortiOS to versions 7.6.1, 7.4.8, 7.2.11 or migrate to a fixed release for versions 7.0 and 6.4. For Fortinet FortiProxy, users should upgrade to versions 7.6.2, 7.4.9, or migrate to a fixed release for versions 7.2 and 7.0. Fortinet SASE customers need not perform any action as the issue has been remediated in version 24.4.b.
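The version ranges above can be turned into an inventory check. The following is an added example, not code from Fortinet or from this page; the hostnames and inventory are constructed, and the FortiOS 7.2 row assumes releases below the stated fix 7.2.11 are affected, since the description does not give a range for that branch.

```python
# Added example: triage firmware versions against the ranges stated in this advisory.
# (product, branch) -> first fixed patch level in that branch, or None where the
# advisory says "all versions" are affected (no in-branch fix; migrate instead).
FIXED = {
    ("fortios", (7, 6)): 1,
    ("fortios", (7, 4)): 8,
    ("fortios", (7, 2)): 11,   # assumption: affected below the stated fix 7.2.11
    ("fortios", (7, 0)): None,
    ("fortios", (6, 4)): None,
    ("fortiproxy", (7, 6)): 2,
    ("fortiproxy", (7, 4)): 9,
    ("fortiproxy", (7, 2)): None,
    ("fortiproxy", (7, 0)): None,
}

INVENTORY = [  # constructed sample data, hypothetical hostnames
    ("fw-edge-01", "FortiOS", "7.4.7"),
    ("fw-edge-02", "FortiOS", "7.4.8"),
    ("fw-lab-01", "FortiOS", "6.4.15"),
    ("proxy-01", "FortiProxy", "7.6.1"),
    ("fw-new-01", "FortiOS", "8.0.0"),
]

def triage(product, version):
    """Return (status, action) for one device, per the advisory's ranges."""
    try:
        major, minor, patch = (int(p) for p in version.strip().lstrip("v").split("."))
    except ValueError:
        return ("unknown", "unparseable version string")
    key = (product.lower(), (major, minor))
    if key not in FIXED:
        # Branch not named in the advisory: do not guess, flag for manual review.
        return ("unknown", "branch not covered by the advisory")
    fixed = FIXED[key]
    if fixed is None:
        return ("affected", "migrate to a fixed release")
    if patch < fixed:
        return ("affected", f"upgrade to {major}.{minor}.{fixed}")
    return ("fixed", "no action")

def report(inventory):
    """Map each host to its (status, action) pair."""
    return {host: triage(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host:12} {status:9} {action}")
```

Branches the advisory does not name are reported as unknown rather than as safe, so they surface for manual review.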