CVE-2016-6909

EUVD-2016-7794
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
fortinetfortios
4.1.0 ≤
𝑥
< 4.1.11
fortinetfortios
4.2.0 ≤
𝑥
< 4.2.13
fortinetfortios
4.3.0 ≤
𝑥
< 4.3.9
fortinetfortiswitch
𝑥
≤ 3.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://fortiguard.com/advisory/FG-IR-16-023
http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html
http://www.securityfocus.com/bid/92523
http://www.securitytracker.com/id/1036643
https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html
https://www.exploit-db.com/exploits/40276/
http://fortiguard.com/advisory/FG-IR-16-023
http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html
http://www.securityfocus.com/bid/92523
http://www.securitytracker.com/id/1036643
https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html
https://www.exploit-db.com/exploits/40276/