CVE-2016-6909
published 2016-08-24CVE-2016-6909: Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortios | >= 4.1.0 < 4.1.11 | 4.1.11 |
| fortinet | fortios | >= 4.2.0 < 4.2.13 | 4.2.13 |
| fortinet | fortios | >= 4.3.0 < 4.3.9 | 4.3.9 |
| fortinet | fortiswitch | <= 3.4.2 | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL