FortiOS flow-mode detection bypass under certain conditions Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-088 Final 1 1 2016-11-22T00:00:00 Current version 2016-11-22T00:00:00 2016-11-22T00:00:00 A FortiGate configured to use flow-based protection will stop monitoringnetwork sessions that are active when a scanning engine isreloaded after an update (nearly instantaneous process).This tends to impact long lived network sessions, with chances to be aliveduring and after an update, such as SMBv3 sessions. A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (nearly instantaneous process).This tends to impact long lived network sessions, with chances to be alive during and after an update, such as SMBv3 sessions. Improper access control FortiOS version 5.0.xFortiOS version 5.2.x FortiGates in routed mode:Upgrade to FortiOS 5.4.0 or above, or stay in proxy-based protection mode (default).FortiGates in transparent mode:Upgrade to FortiOS 5.4.0 or above.For FortiOS 5.2 branch:Load FortiOS 5.2 compatible[] IPS engine 3.299 or above.[] Reach out to your local TAC for the compatibility support. We are pleased to thank Yves Bieri, Stefan Frei, Christof Jungo of the Swisscom security group, who discovered the issue while it was in the process of being fixed, and committed to responsible disclosure. CVE-2016-7541 4.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-16-088 FortiOS flow-mode detection bypass under certain conditions Reference>