CVE-2016-7541: Fortinet Fortios vulnerability

CWE-254 | 4 documents | 4 sources
Severity: 5.9 MEDIUM (NVD)
EPSS: 0.2% (top 54.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 30
Latest update: May 17

Description

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPS engine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | fortinet/fortios | 5.0.x, 5.2.x
NVD | fortinet/fortios | 26 versions

🔴 Vulnerability Details (2)

GHSA | GHSA-5qrm-hvcf-q4hg: Long lived sessions in Fortinet FortiGate devices with FortiOS 5 | 2022-05-17
CVEList | CVE-2016-7541: Long lived sessions in Fortinet FortiGate devices with FortiOS 5 | 2017-03-30

📋 Vendor Advisories (1)

Fortinet | Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during I... | 2017-03-30