vulnerability
Fortinet FortiOS: Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2016-6909)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Aug 24, 2016 | May 15, 2017 | Aug 11, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Aug 24, 2016
Added
May 15, 2017
Modified
Aug 11, 2025
Description
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
Solutions
fortios-upgrade-4_1_11fortios-upgrade-4_2_13fortios-upgrade-4_3_9
References
- CVE-2016-6909
- https://attackerkb.com/topics/CVE-2016-6909
- CWE-119
- URL-http://fortiguard.com/advisory/FG-IR-16-023
- URL-http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html
- URL-http://www.securityfocus.com/bid/92523
- URL-http://www.securitytracker.com/id/1036643
- URL-https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html
- URL-https://www.exploit-db.com/exploits/40276/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.