var-201703-0262
Vulnerability from variot
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. FortiOS Contains vulnerabilities related to security features.Information may be tampered with. FortiGate FortiOS is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Fortinet has a security vulnerability in FortiOS versions 5.2.x prior to 5.2.10 GA and Long lived sessions in versions 5.4.x prior to 5.4.2 GA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0262",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortios",
"scope": "eq",
"trust": 1.9,
"vendor": "fortinet",
"version": "5.2.6"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.9,
"vendor": "fortinet",
"version": "5.2.5"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.9,
"vendor": "fortinet",
"version": "5.2.4"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.9,
"vendor": "fortinet",
"version": "5.2.3"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.9,
"vendor": "fortinet",
"version": "5.2.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.7"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.10"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.0.14"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.9"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.8"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.2.1"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.13"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.7"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.3"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.1"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.6"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.4"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.12"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.3,
"vendor": "fortinet",
"version": "5.0.11"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.1,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.10"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"model": "fortios",
"scope": "lt",
"trust": 0.8,
"vendor": "fortinet",
"version": "5.x"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.1"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0"
},
{
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.2"
}
],
"sources": [
{
"db": "BID",
"id": "94477"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
},
{
"db": "NVD",
"id": "CVE-2016-7541"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fortinet:fortios",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yves Bieri, Stefan Frei, Christof Jungo of the Swisscom",
"sources": [
{
"db": "BID",
"id": "94477"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7541",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-7541",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-96361",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2016-7541",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7541",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-7541",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-600",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96361",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96361"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
},
{
"db": "NVD",
"id": "CVE-2016-7541"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate\u0027s IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. FortiOS Contains vulnerabilities related to security features.Information may be tampered with. FortiGate FortiOS is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Fortinet has a security vulnerability in FortiOS versions 5.2.x prior to 5.2.10 GA and Long lived sessions in versions 5.4.x prior to 5.4.2 GA",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"db": "BID",
"id": "94477"
},
{
"db": "VULHUB",
"id": "VHN-96361"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7541",
"trust": 2.8
},
{
"db": "BID",
"id": "94477",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008201",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-600",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96361",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96361"
},
{
"db": "BID",
"id": "94477"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
},
{
"db": "NVD",
"id": "CVE-2016-7541"
}
]
},
"id": "VAR-201703-0262",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96361"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:56:15.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FortiOS flow-mode detection bypass under certain conditions",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-16-088"
},
{
"title": "Fortinet FortiOS Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66041"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96361"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"db": "NVD",
"id": "CVE-2016-7541"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94477"
},
{
"trust": 1.7,
"url": "http://fortiguard.com/advisory/fg-ir-16-088"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7541"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7541"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/products/fortigate_overview.html"
},
{
"trust": 0.3,
"url": "http://fortiguard.com/advisory/fortios-flow-mode-detection-bypass-under-certain-conditions"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96361"
},
{
"db": "BID",
"id": "94477"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
},
{
"db": "NVD",
"id": "CVE-2016-7541"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96361"
},
{
"db": "BID",
"id": "94477"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
},
{
"db": "NVD",
"id": "CVE-2016-7541"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-96361"
},
{
"date": "2016-11-22T00:00:00",
"db": "BID",
"id": "94477"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-600"
},
{
"date": "2017-03-30T14:59:00.150000",
"db": "NVD",
"id": "CVE-2016-7541"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-96361"
},
{
"date": "2016-11-24T01:15:00",
"db": "BID",
"id": "94477"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008201"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-600"
},
{
"date": "2024-11-21T02:58:10.793000",
"db": "NVD",
"id": "CVE-2016-7541"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiOS Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008201"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-600"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.