CVE-2016-6909

CRITICAL EXPLOITED

Fortinet FortiOS < 4.1.11 - Memory Corruption

Title source: rule

Description

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.

Exploits (1)

exploitdb STUB
by Shadow Brokers · text · webapps · hardware
https://www.exploit-db.com/exploits/40276

Scores

CVSS v3 9.8
EPSS 0.6341
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2016-09-28
CWE CWE-119
Status published
Products (2)
fortinet/fortios 4.1.0 - 4.1.11
fortinet/fortiswitch < 3.4.2
Published Aug 24, 2016
Tracked Since Feb 18, 2026