Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-7541 |
CWE-ID | CWE-254 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
FortiOS Operating systems & Components / Operating system |
Vendor | Fortinet, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU39336
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7541
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.
MitigationInstall update from vendor's website.
Vulnerable software versionsFortiOS: 5.0.0 - 5.2.10
External linkshttp://fortiguard.com/advisory/FG-IR-16-088
http://www.securityfocus.com/bid/94477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.