Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
CVSS v3.0 Score: 9.8 / 10.0 (CRITICAL)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Information
- Published: 24 August 2016
- Updated: 12 April 2025
- Status: Deferred
- Source: cve@mitre.org
Affected products
fortinet fortios
Versions: 4.1.11, 4.2.13, 4.3.9
fortinet fortiswitch
Versions: 3.4.2
Weaknesses (CWE)
CWE-119
References (12)
- http://fortiguard.com/advisory/FG-IR-16-023 (Vendor Advisory)
- http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html (Exploit, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/92523 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1036643 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/40276/ (Exploit, Third Party Advisory, VDB Entry)