Main Vulnerability Database SB2017033018

SB2017033018 - Security Features in Fortinet, FortiOS

Published: March 30, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017033018

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security Features (CVE-ID: CVE-2016-7541)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

Remediation

Install update from vendor's website.

References

http://fortiguard.com/advisory/FG-IR-16-088
http://www.securityfocus.com/bid/94477