CVE-2016-7541

MEDIUM

Fortinet Fortios - Security Feature Bypass

Title source: rule

Description

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

References (2)

[Not Applicable] http://fortiguard.com/advisory/FG-IR-16-088

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94477

Scores

CVSS v3 5.9

EPSS 0.0023

EPSS Percentile 45.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-254

Status published

Affected Products (27)

fortinet/fortios

... and 12 more

Timeline

Published Mar 30, 2017

Tracked Since Feb 18, 2026