CVE-2016-6909
Published on: 08/24/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:11 PM UTC
Certain versions of FortiOS from Fortinet contain the following vulnerability:
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
- CVE-2016-6909 has been assigned by [email protected] to track the vulnerability; it is currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL
Attack Vector | Attack Complexity | Privileges Required | User Interaction
---|---|---|---
NETWORK | LOW | NONE | NONE

Scope | Confidentiality Impact | Integrity Impact | Availability Impact
---|---|---|---
UNCHANGED | HIGH | HIGH | HIGH
CVSS2 Score: 10 - HIGH
Access Vector | Access Complexity | Authentication
---|---|---
NETWORK | LOW | NONE

Confidentiality Impact | Integrity Impact | Availability Impact
---|---|---
COMPLETE | COMPLETE | COMPLETE
CVE References
Description | Tags | Link
---|---|---
Fortigate Firewalls - 'EGREGIOUSBLUNDER' Remote Code Execution | Exploit, Third Party Advisory, VDB Entry, Proof of Concept | www.exploit-db.com (text/html)
Cookie Parser Buffer Overflow Vulnerability | FortiGuard.com | Vendor Advisory | fortiguard.com (text/html)
Fortinet FortiGate Cookie Parser Buffer Overflow Vulnerability | Third Party Advisory, VDB Entry | cve.report (archive) (text/html)
EGREGIOUSBLUNDER Fortigate Remote Code Execution ≈ Packet Storm | Exploit, Third Party Advisory, VDB Entry | packetstormsecurity.com (text/html)
Fortinet FortiGate/FortiOS Buffer Overflow in Cookie Parser Lets Remote Users Execute Arbitrary Code - SecurityTracker | Third Party Advisory, VDB Entry | www.securitytracker.com (text/html)
Equation Group Firewall Operations Catalogue | Third Party Advisory | musalbas.com (text/html)
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language
---|---|---|---|---|---|---
Operating System | Fortinet | Fortios | All | All | All | All
Operating System | Fortinet | Fortiswitch | All | All | All | All

- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*:
- cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE