#VU39336 Security Features in FortiOS - CVE-2016-7541

 


Published: March 30, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU39336
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-7541
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FortiOS
Software vendor: Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Long-lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPS engine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.


Remediation

Install update from vendor's website.

External links