CVE-2016-7541

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 5.4.0

Description The issue is related to the cessation of monitoring active network sessions after an update to the scanning mechanism. This could allow a remote attacker to bypass security protections. The problem specifically affects long-lived sessions, such as SMBv3 sessions, when the IPS engine is configured in flow mode.

Recommendations For versions prior to 5.4.0, update to version 5.4.0 or later to resolve the issue. As a temporary workaround, consider configuring the IPS engine in proxy mode, which is not affected by this issue. Restrict access to long-lived network sessions to minimize the risk of exploitation until the update can be applied.