CVE-2016-7541

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

Published: Mar 30, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-7541
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
fortinet / fortios	5.2.7	5.2.7.x
fortinet / fortios	5.0.9	5.0.9.x
fortinet / fortios	5.0.14	5.0.14.x
fortinet / fortios	5.0.10	5.0.10.x
fortinet / fortios	5.2.9	5.2.9.x
fortinet / fortios	5.2.1	5.2.1.x
fortinet / fortios	5.0.5	5.0.5.x
fortinet / fortios	5.0.1	5.0.1.x
fortinet / fortios	5.0.13	5.0.13.x
fortinet / fortios	5.0.2	5.0.2.x
fortinet / fortios	5.2.10	5.2.10.x
fortinet / fortios	5.2.6	5.2.6.x
fortinet / fortios	5.2.4	5.2.4.x
fortinet / fortios	5.0.7	5.0.7.x
fortinet / fortios	5.0.4	5.0.4.x
fortinet / fortios	5.0.11	5.0.11.x
fortinet / fortios	5.0.8	5.0.8.x
fortinet / fortios	5.2.3	5.2.3.x
fortinet / fortios	5.2.5	5.2.5.x
fortinet / fortios	5.2.0	5.2.0.x
fortinet / fortios	5.2.2	5.2.2.x
fortinet / fortios	5.0.0	5.0.0.x
fortinet / fortios	5.0.12	5.0.12.x
fortinet / fortios	5.2.8	5.2.8.x
fortinet / fortios	5.0.3	5.0.3.x
fortinet / fortios	5.0.6	5.0.6.x

Vulnerability Database

290,020

CVE-2016-7541