{"api_version":"1","generated_at":"2026-04-23T09:37:13+00:00","cve":"CVE-2016-6909","urls":{"html":"https://cve.report/CVE-2016-6909","api":"https://cve.report/api/cve/CVE-2016-6909.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-6909","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-6909"},"summary":{"title":"CVE-2016-6909","description":"Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2016-08-24 16:30:00","updated_at":"2019-05-22 15:06:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://www.exploit-db.com/exploits/40276/","name":"40276","refsource":"EXPLOIT-DB","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Fortigate Firewalls - 'EGREGIOUSBLUNDER' Remote Code Execution","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://fortiguard.com/advisory/FG-IR-16-023","name":"http://fortiguard.com/advisory/FG-IR-16-023","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Cookie Parser Buffer Overflow Vulnerability | FortiGuard.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/92523","name":"92523","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Fortinet FortiGate Cookie Parser Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html","name":"http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html","refsource":"MISC","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"EGREGIOUSBLUNDER Fortigate Remote Code Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1036643","name":"1036643","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Fortinet FortiGate/FortiOS Buffer Overflow in Cookie Parser Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html","name":"https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html","refsource":"MISC","tags":["Third Party Advisory"],"title":"Equation Group Firewall Operations Catalogue","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-6909","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6909","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"6909","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6909","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"6909","vulnerable":"1","versionEndIncluding":"3.4.2","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortiswitch","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2016-6909","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://fortiguard.com/advisory/FG-IR-16-023","refsource":"CONFIRM","url":"http://fortiguard.com/advisory/FG-IR-16-023"},{"name":"https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html","refsource":"MISC","url":"https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"},{"name":"1036643","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1036643"},{"name":"http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"},{"name":"40276","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/40276/"},{"name":"92523","refsource":"BID","url":"http://www.securityfocus.com/bid/92523"}]}},"nvd":{"publishedDate":"2016-08-24 16:30:00","lastModifiedDate":"2019-05-22 15:06:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.1.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"6909","Ordinal":"93216","Title":"CVE-2016-6909","CVE":"CVE-2016-6909","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"6909","Ordinal":"1","NoteData":"Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"6909","Ordinal":"2","NoteData":"2016-08-24","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"6909","Ordinal":"3","NoteData":"2016-08-24","Type":"Other","Title":"Modified"}]}}}