Details of VAR-201703-0262

ID

VAR-201703-0262

CVE

CVE-2016-7541

TITLE

FortiOS Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2016-008201

DESCRIPTION

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. FortiOS Contains vulnerabilities related to security features.Information may be tampered with. FortiGate FortiOS is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Fortinet has a security vulnerability in FortiOS versions 5.2.x prior to 5.2.10 GA and Long lived sessions in versions 5.4.x prior to 5.4.2 GA

Trust: 1.98

sources: NVD: CVE-2016-7541 // JVNDB: JVNDB-2016-008201 // BID: 94477 // VULHUB: VHN-96361

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.6	Trust: 1.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.5	Trust: 1.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.4	Trust: 1.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.3	Trust: 1.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.2	Trust: 1.9
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.7	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.10	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.14	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.9	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.8	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.1	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.13	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.9	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.8	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.7	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.3	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.0	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.6	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.5	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.4	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.12	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.11	Trust: 1.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.0	Trust: 1.1
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.10	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.x	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	5.4.2	Trust: 0.3

sources: BID: 94477 // JVNDB: JVNDB-2016-008201 // CNNVD: CNNVD-201611-600 // NVD: CVE-2016-7541

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7541
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-7541
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201611-600
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96361
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7541
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96361
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7541
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96361 // JVNDB: JVNDB-2016-008201 // CNNVD: CNNVD-201611-600 // NVD: CVE-2016-7541

PROBLEMTYPE DATA

problemtype:

CWE-254

Trust: 1.9

sources: VULHUB: VHN-96361 // JVNDB: JVNDB-2016-008201 // NVD: CVE-2016-7541

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-600

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201611-600

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008201

PATCH

title:	FortiOS flow-mode detection bypass under certain conditions	url:	https://www.fortiguard.com/psirt/FG-IR-16-088	Trust: 0.8
title:	Fortinet FortiOS Repair measures for security bypass vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66041	Trust: 0.6

sources: JVNDB: JVNDB-2016-008201 // CNNVD: CNNVD-201611-600

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7541	Trust: 2.8
db:	BID	id:	94477	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-008201	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-600	Trust: 0.7
db:	VULHUB	id:	VHN-96361	Trust: 0.1

sources: VULHUB: VHN-96361 // BID: 94477 // JVNDB: JVNDB-2016-008201 // CNNVD: CNNVD-201611-600 // NVD: CVE-2016-7541

REFERENCES

url:	http://www.securityfocus.com/bid/94477	Trust: 1.7
url:	http://fortiguard.com/advisory/fg-ir-16-088	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7541	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7541	Trust: 0.8
url:	http://www.fortinet.com/products/fortigate_overview.html	Trust: 0.3
url:	http://fortiguard.com/advisory/fortios-flow-mode-detection-bypass-under-certain-conditions	Trust: 0.3

sources: VULHUB: VHN-96361 // BID: 94477 // JVNDB: JVNDB-2016-008201 // CNNVD: CNNVD-201611-600 // NVD: CVE-2016-7541

CREDITS

Yves Bieri, Stefan Frei, Christof Jungo of the Swisscom

Trust: 0.9

sources: BID: 94477 // CNNVD: CNNVD-201611-600

SOURCES

db:	VULHUB	id:	VHN-96361
db:	BID	id:	94477
db:	JVNDB	id:	JVNDB-2016-008201
db:	CNNVD	id:	CNNVD-201611-600
db:	NVD	id:	CVE-2016-7541

LAST UPDATE DATE

2024-08-14T15:08:26.037000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96361	date:	2017-04-04T00:00:00
db:	BID	id:	94477	date:	2016-11-24T01:15:00
db:	JVNDB	id:	JVNDB-2016-008201	date:	2017-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201611-600	date:	2017-03-31T00:00:00
db:	NVD	id:	CVE-2016-7541	date:	2017-04-04T18:38:46.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96361	date:	2017-03-30T00:00:00
db:	BID	id:	94477	date:	2016-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2016-008201	date:	2017-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201611-600	date:	2016-11-22T00:00:00
db:	NVD	id:	CVE-2016-7541	date:	2017-03-30T14:59:00.150