cvelistv5 - cve-2016-6909

CVE-2016-6909 (GCVE-0-2016-6909)

Vulnerability from cvelistv5 – Published: 2016-08-24 16:00 – Updated: 2024-08-06 01:43

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://fortiguard.com/advisory/FG-IR-16-023	x_refsource_CONFIRM
	https://musalbas.com/2016/08/16/equation-group-fi…	x_refsource_MISC
	http://www.securitytracker.com/id/1036643	vdb-entryx_refsource_SECTRACK
	http://packetstormsecurity.com/files/138387/EGREG…	x_refsource_MISC
	https://www.exploit-db.com/exploits/40276/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/92523	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:43:38.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/FG-IR-16-023"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
          },
          {
            "name": "1036643",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036643"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"
          },
          {
            "name": "40276",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40276/"
          },
          {
            "name": "92523",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92523"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-08-24T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/FG-IR-16-023"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
        },
        {
          "name": "1036643",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036643"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"
        },
        {
          "name": "40276",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40276/"
        },
        {
          "name": "92523",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92523"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6909",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://fortiguard.com/advisory/FG-IR-16-023",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/FG-IR-16-023"
            },
            {
              "name": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html",
              "refsource": "MISC",
              "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
            },
            {
              "name": "1036643",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036643"
            },
            {
              "name": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"
            },
            {
              "name": "40276",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40276/"
            },
            {
              "name": "92523",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92523"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6909",
    "datePublished": "2016-08-24T16:00:00",
    "dateReserved": "2016-08-22T00:00:00",
    "dateUpdated": "2024-08-06T01:43:38.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1.0\", \"versionEndExcluding\": \"4.1.11\", \"matchCriteriaId\": \"51D04470-D6AE-49E1-8716-D4C6A0C886E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2.0\", \"versionEndExcluding\": \"4.2.13\", \"matchCriteriaId\": \"10E36920-CDE6-49B2-83D2-CDA51787047D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.0\", \"versionEndExcluding\": \"4.3.9\", \"matchCriteriaId\": \"775894ED-A48E-4671-87FE-95EC83CBE507\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.4.2\", \"matchCriteriaId\": \"A38ED363-9836-4F42-AB45-655706FFFF82\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en el analizador Cookie en Fortinet FortiOS 4.x en versiones anteriores a 4.1.11, 4.2.x en versiones anteriores a 4.2.13 y 4.3.x en versiones anteriores a 4.3.9 y FortiSwitch en versiones anteriores a 3.4.3 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de una petici\\u00f3n HTTP manipulada, tambi\\u00e9n conocido como EGREGIOUSBLUNDER.\"}]",
      "id": "CVE-2016-6909",
      "lastModified": "2024-11-21T02:57:04.620",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-08-24T16:30:00.137",
      "references": "[{\"url\": \"http://fortiguard.com/advisory/FG-IR-16-023\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/92523\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036643\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/40276/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://fortiguard.com/advisory/FG-IR-16-023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/92523\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036643\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/40276/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6909\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-08-24T16:30:00.137\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en el analizador Cookie en Fortinet FortiOS 4.x en versiones anteriores a 4.1.11, 4.2.x en versiones anteriores a 4.2.13 y 4.3.x en versiones anteriores a 4.3.9 y FortiSwitch en versiones anteriores a 3.4.3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como EGREGIOUSBLUNDER.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.1.11\",\"matchCriteriaId\":\"51D04470-D6AE-49E1-8716-D4C6A0C886E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.13\",\"matchCriteriaId\":\"10E36920-CDE6-49B2-83D2-CDA51787047D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.9\",\"matchCriteriaId\":\"775894ED-A48E-4671-87FE-95EC83CBE507\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.4.2\",\"matchCriteriaId\":\"A38ED363-9836-4F42-AB45-655706FFFF82\"}]}]}],\"references\":[{\"url\":\"http://fortiguard.com/advisory/FG-IR-16-023\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/92523\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036643\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/40276/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://fortiguard.com/advisory/FG-IR-16-023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/92523\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/40276/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2016-6909

Vulnerability from fkie_nvd - Published: 2016-08-24 16:30 - Updated: 2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://fortiguard.com/advisory/FG-IR-16-023	Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/92523	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1036643	Third Party Advisory, VDB Entry
cve@mitre.org	https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html	Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/40276/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://fortiguard.com/advisory/FG-IR-16-023	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92523	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036643	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40276/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
fortinet	fortios	*
fortinet	fortios	*
fortinet	fortios	*
fortinet	fortiswitch	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D04470-D6AE-49E1-8716-D4C6A0C886E9",
              "versionEndExcluding": "4.1.11",
              "versionStartIncluding": "4.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E36920-CDE6-49B2-83D2-CDA51787047D",
              "versionEndExcluding": "4.2.13",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "775894ED-A48E-4671-87FE-95EC83CBE507",
              "versionEndExcluding": "4.3.9",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38ED363-9836-4F42-AB45-655706FFFF82",
              "versionEndIncluding": "3.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el analizador Cookie en Fortinet FortiOS 4.x en versiones anteriores a 4.1.11, 4.2.x en versiones anteriores a 4.2.13 y 4.3.x en versiones anteriores a 4.3.9 y FortiSwitch en versiones anteriores a 3.4.3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como EGREGIOUSBLUNDER."
    }
  ],
  "id": "CVE-2016-6909",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-24T16:30:00.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/FG-IR-16-023"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92523"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036643"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40276/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/FG-IR-16-023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40276/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-283

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans le micrologiciel Fortigate de Fortinet. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiGate	FortiGate (FOS) versions antérieures à 4.3.9
	Fortinet	FortiGate	La migration vers une version 5.x de FortiGate (FOS) est cependant recommandée lorsque celle-ci est possible

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-16-023 du 17 août 2016	None	vendor-advisory
Règle de détection réseau Emerging Threats	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiGate (FOS) versions ant\u00e9rieures \u00e0 4.3.9",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "La migration vers une version 5.x de FortiGate (FOS) est cependant recommand\u00e9e lorsque celle-ci est possible",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6909"
    }
  ],
  "links": [
    {
      "title": "R\u00e8gle de d\u00e9tection r\u00e9seau Emerging Threats",
      "url": "http://docs.emergingthreats.net/bin/view/Main/2023075"
    }
  ],
  "reference": "CERTFR-2016-AVI-283",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-08-18T00:00:00.000000"
    },
    {
      "description": "ajout CVE-2016-6909.",
      "revision_date": "2016-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003ele\nmicrologiciel Fortigate de Fortinet\u003c/span\u003e. Elle permet \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le micrologiciel Fortigate de Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-16-023 du 17 ao\u00fbt 2016",
      "url": "http://fortiguard.com/advisory/FG-IR-16-023"
    }
  ]
}

CERTFR-2016-AVI-283

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans le micrologiciel Fortigate de Fortinet. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiGate	FortiGate (FOS) versions antérieures à 4.3.9
	Fortinet	FortiGate	La migration vers une version 5.x de FortiGate (FOS) est cependant recommandée lorsque celle-ci est possible

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-16-023 du 17 août 2016	None	vendor-advisory
Règle de détection réseau Emerging Threats	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiGate (FOS) versions ant\u00e9rieures \u00e0 4.3.9",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "La migration vers une version 5.x de FortiGate (FOS) est cependant recommand\u00e9e lorsque celle-ci est possible",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6909"
    }
  ],
  "links": [
    {
      "title": "R\u00e8gle de d\u00e9tection r\u00e9seau Emerging Threats",
      "url": "http://docs.emergingthreats.net/bin/view/Main/2023075"
    }
  ],
  "reference": "CERTFR-2016-AVI-283",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-08-18T00:00:00.000000"
    },
    {
      "description": "ajout CVE-2016-6909.",
      "revision_date": "2016-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003ele\nmicrologiciel Fortigate de Fortinet\u003c/span\u003e. Elle permet \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le micrologiciel Fortigate de Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-16-023 du 17 ao\u00fbt 2016",
      "url": "http://fortiguard.com/advisory/FG-IR-16-023"
    }
  ]
}

GSD-2016-6909

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6909

Aliases

CVE-2016-6909

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6909",
    "description": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.",
    "id": "GSD-2016-6909"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6909"
      ],
      "details": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.",
      "id": "GSD-2016-6909",
      "modified": "2023-12-13T01:21:23.549670Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-6909",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://fortiguard.com/advisory/FG-IR-16-023",
            "refsource": "CONFIRM",
            "url": "http://fortiguard.com/advisory/FG-IR-16-023"
          },
          {
            "name": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html",
            "refsource": "MISC",
            "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
          },
          {
            "name": "1036643",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036643"
          },
          {
            "name": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"
          },
          {
            "name": "40276",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40276/"
          },
          {
            "name": "92523",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92523"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.11",
                "versionStartIncluding": "4.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.13",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.9",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.4.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6909"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
            },
            {
              "name": "40276",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/40276/"
            },
            {
              "name": "http://fortiguard.com/advisory/FG-IR-16-023",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://fortiguard.com/advisory/FG-IR-16-023"
            },
            {
              "name": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"
            },
            {
              "name": "92523",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/92523"
            },
            {
              "name": "1036643",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036643"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-22T15:06Z",
      "publishedDate": "2016-08-24T16:30Z"
    }
  }
}

GHSA-F3WQ-8J4R-5P8M

Vulnerability from github – Published: 2022-05-14 01:00 – Updated: 2025-04-12 13:03

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6909"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-08-24T16:30:00Z",
    "severity": "CRITICAL"
  },
  "details": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.",
  "id": "GHSA-f3wq-8j4r-5p8m",
  "modified": "2025-04-12T13:03:39Z",
  "published": "2022-05-14T01:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6909"
    },
    {
      "type": "WEB",
      "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40276"
    },
    {
      "type": "WEB",
      "url": "http://fortiguard.com/advisory/FG-IR-16-023"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92523"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036643"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201608-0364

Vulnerability from variot - Updated: 2023-12-18 12:20

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. Fortinet FortiOS and FortiSwitch of Cookie The parser contains a buffer overflow vulnerability. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides features such as firewall, anti-virus and intrusion prevention (IPS), application control, anti-spam, wireless controller and WAN acceleration. The vulnerability stems from the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Fortinet FortiGate is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. The following versions are affected: Fortinet FortiGate 4.3.8 and prior Fortinet FortiGate 4.2.12 and prior Fortinet FortiGate 4.1.10 and prior. Fortinet FortiOS and FortiSwitch are products developed by Fortinet

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0364",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.4.2"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.2.13"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.2.0"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.1.11"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.3.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.1.0"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.3.9"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "4.2.12"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "4.1.10"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "4.1.11"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "4.2.x"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "4.3.x"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "4.3.9"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "4.x"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "4.2.13"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "3.4.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortigate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.9"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2.13"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.11"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.11",
                "versionStartIncluding": "4.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.13",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.9",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.4.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6909"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "92523"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6909",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-6909",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-95729",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6909",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6909",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-446",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95729",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6909",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. Fortinet FortiOS and FortiSwitch of Cookie The parser contains a buffer overflow vulnerability. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides features such as firewall, anti-virus and intrusion prevention (IPS), application control, anti-spam, wireless controller and WAN acceleration. The vulnerability stems from the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Fortinet FortiGate is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed  exploit attempts will result in denial-of-service conditions. \nThe following versions are affected:\nFortinet FortiGate 4.3.8 and prior\nFortinet FortiGate 4.2.12 and prior\nFortinet FortiGate 4.1.10 and prior. Fortinet FortiOS and FortiSwitch are products developed by Fortinet",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-383"
      },
      {
        "db": "BID",
        "id": "92523"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6909"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-95729",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40276",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6909"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "92523",
        "trust": 2.7
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6909",
        "trust": 2.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40276",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "138387",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1036643",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-446",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-383",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-95729",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6909",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6909"
      },
      {
        "db": "BID",
        "id": "92523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ]
  },
  "id": "VAR-201608-0364",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95729"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:20:21.994000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cookie Parser Buffer Overflow Vulnerability",
        "trust": 0.8,
        "url": "http://fortiguard.com/advisory/fg-ir-16-023"
      },
      {
        "title": "Fortinet FortiOS  and FortiSwitch Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63770"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6909"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/92523"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/40276/"
      },
      {
        "trust": 1.8,
        "url": "http://fortiguard.com/advisory/fg-ir-16-023"
      },
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/138387/egregiousblunder-fortigate-remote-code-execution.html"
      },
      {
        "trust": 1.8,
        "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1036643"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6909"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6909"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "http://fortiguard.com/advisory/cookie-parser-buffer-overflow-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/fortios-cve-2016-6909"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48526"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6909"
      },
      {
        "db": "BID",
        "id": "92523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6909"
      },
      {
        "db": "BID",
        "id": "92523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "date": "2016-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6909"
      },
      {
        "date": "2016-08-17T00:00:00",
        "db": "BID",
        "id": "92523"
      },
      {
        "date": "2016-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "date": "2016-08-24T16:30:00.137000",
        "db": "NVD",
        "id": "CVE-2016-6909"
      },
      {
        "date": "2016-08-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-383"
      },
      {
        "date": "2016-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95729"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6909"
      },
      {
        "date": "2016-08-17T00:00:00",
        "db": "BID",
        "id": "92523"
      },
      {
        "date": "2016-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      },
      {
        "date": "2019-05-22T15:06:00.610000",
        "db": "NVD",
        "id": "CVE-2016-6909"
      },
      {
        "date": "2016-08-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-383"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-446"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiOS and  FortiSwitch of  Cookie Parser buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004445"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-383"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-06454

Vulnerability from cnvd - Published: 2016-08-20

Title

Fortinet FortiGate缓冲区溢出漏洞

Description

Fortinet FortiGate是美国飞塔（Fortinet）公司开发的一套网络安全平台。该平台提供防火墙、防病毒和入侵防御（IPS）、应用控制、反垃圾邮件、无线控制器和广域网加速等功能。 Fortinet FortiGate 4.3.8及之前的版本、4.2.12和4.1.10及之前的版本中存在缓冲区溢出漏洞。由于程序未能对用户提交的输入执行正确的边界检查。攻击者可利用该漏洞在受影响应用程序上下文中执行任意代码，也可能造成拒绝服务。

Severity

高

Patch Name

Fortinet FortiGate缓冲区溢出漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://fortiguard.com/advisory/cookie-parser-buffer-overflow-vulnerability

Reference

http://www.securityfocus.com/bid/92523

Impacted products

Name
['Fortinet FortiGate <=4.3.8', 'Fortinet FortiGate 4.2.12', 'Fortinet FortiGate <=4.1.10']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92523"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6909"
    }
  },
  "description": "Fortinet FortiGate\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u548c\u5165\u4fb5\u9632\u5fa1\uff08IPS\uff09\u3001\u5e94\u7528\u63a7\u5236\u3001\u53cd\u5783\u573e\u90ae\u4ef6\u3001\u65e0\u7ebf\u63a7\u5236\u5668\u548c\u5e7f\u57df\u7f51\u52a0\u901f\u7b49\u529f\u80fd\u3002\r\n\r\nFortinet FortiGate 4.3.8\u53ca\u4e4b\u524d\u7684\u7248\u672c\u30014.2.12\u548c4.1.10\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u6267\u884c\u6b63\u786e\u7684\u8fb9\u754c\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u4e5f\u53ef\u80fd\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Fortinet",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttp://fortiguard.com/advisory/cookie-parser-buffer-overflow-vulnerability",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06454",
  "openTime": "2016-08-20",
  "patchDescription": "Fortinet FortiGate\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u548c\u5165\u4fb5\u9632\u5fa1\uff08IPS\uff09\u3001\u5e94\u7528\u63a7\u5236\u3001\u53cd\u5783\u573e\u90ae\u4ef6\u3001\u65e0\u7ebf\u63a7\u5236\u5668\u548c\u5e7f\u57df\u7f51\u52a0\u901f\u7b49\u529f\u80fd\u3002\r\n\r\nFortinet FortiGate 4.3.8\u53ca\u4e4b\u524d\u7684\u7248\u672c\u30014.2.12\u548c4.1.10\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u6267\u884c\u6b63\u786e\u7684\u8fb9\u754c\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u4e5f\u53ef\u80fd\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiGate\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiGate \u003c=4.3.8",
      "Fortinet FortiGate  4.2.12",
      "Fortinet FortiGate  \u003c=4.1.10"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/92523",
  "serverity": "\u9ad8",
  "submitTime": "2016-08-20",
  "title": "Fortinet FortiGate\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6909 (GCVE-0-2016-6909)

FKIE_CVE-2016-6909

CERTFR-2016-AVI-283

Solution

CERTFR-2016-AVI-283

Solution

GSD-2016-6909

GHSA-F3WQ-8J4R-5P8M

VAR-201608-0364

CNVD-2016-06454

Tags

Sightings

Nomenclature