Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
CVSS v3.0 score: 9.8 / 10.0 (CRITICAL)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Information
- Published: 24 August 2016
- Updated: 12 April 2025
- Status: Deferred
- Source: cve@mitre.org
Affected products
fortinet fortios
Versions: 4.1.11, 4.2.13, 4.3.9
fortinet fortiswitch
Versions: 3.4.2
Weaknesses (CWE)
CWE-119
References (12)
- http://fortiguard.com/advisory/FG-IR-16-023 (Vendor Advisory)
- http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html (Exploit, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/92523 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1036643 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/40276/ (Exploit, Third Party Advisory, VDB Entry)