var-201608-0364
Vulnerability from variot
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. Fortinet FortiOS and FortiSwitch of Cookie The parser contains a buffer overflow vulnerability. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides features such as firewall, anti-virus and intrusion prevention (IPS), application control, anti-spam, wireless controller and WAN acceleration. The vulnerability stems from the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Fortinet FortiGate is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. The following versions are affected: Fortinet FortiGate 4.3.8 and prior Fortinet FortiGate 4.2.12 and prior Fortinet FortiGate 4.1.10 and prior. Fortinet FortiOS and FortiSwitch are products developed by Fortinet
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0364", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiswitch", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "3.4.2" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "4.2.13" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "4.2.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "4.1.11" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "4.3.0" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "4.1.0" }, { "model": "fortios", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "4.3.9" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "4.3.8" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "4.2.12" }, { "model": "fortios", "scope": "eq", "trust": 0.9, "vendor": "fortinet", "version": "4.1.10" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "4.1.11" }, { "model": "fortios", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "4.2.x" }, { "model": "fortios", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "4.3.x" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "4.3.9" }, { "model": "fortios", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "4.x" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "4.2.13" }, { "model": "fortiswitch", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "3.4.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "4.3.9" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "4.2.13" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "4.1.11" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "92523" }, { "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "db": "NVD", "id": "CVE-2016-6909" }, { "db": "CNNVD", "id": "CNNVD-201608-446" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.11", "versionStartIncluding": "4.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.13", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.9", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.4.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-6909" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "92523" } ], "trust": 0.3 }, "cve": "CVE-2016-6909", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2016-6909", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-95729", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-6909", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-6909", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201608-446", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-95729", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-6909", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-95729" }, { "db": "VULMON", "id": "CVE-2016-6909" }, { "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "db": "NVD", "id": "CVE-2016-6909" }, { "db": "CNNVD", "id": "CNNVD-201608-446" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. Fortinet FortiOS and FortiSwitch of Cookie The parser contains a buffer overflow vulnerability. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides features such as firewall, anti-virus and intrusion prevention (IPS), application control, anti-spam, wireless controller and WAN acceleration. The vulnerability stems from the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Fortinet FortiGate is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. \nThe following versions are affected:\nFortinet FortiGate 4.3.8 and prior\nFortinet FortiGate 4.2.12 and prior\nFortinet FortiGate 4.1.10 and prior. Fortinet FortiOS and FortiSwitch are products developed by Fortinet", "sources": [ { "db": "NVD", "id": "CVE-2016-6909" }, { "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "db": "CNNVD", "id": "CNNVD-201608-383" }, { "db": "BID", "id": "92523" }, { "db": "VULHUB", "id": "VHN-95729" }, { "db": "VULMON", "id": "CVE-2016-6909" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-95729", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40276", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-95729" }, { "db": "VULMON", "id": "CVE-2016-6909" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "92523", "trust": 2.7 }, { "db": "NVD", "id": "CVE-2016-6909", "trust": 2.6 }, { "db": "EXPLOIT-DB", "id": "40276", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "138387", "trust": 1.8 }, { "db": "SECTRACK", "id": "1036643", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004445", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201608-446", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201608-383", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-95729", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-6909", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-95729" }, { "db": "VULMON", "id": "CVE-2016-6909" }, { "db": "BID", "id": "92523" }, { "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "db": "NVD", "id": "CVE-2016-6909" }, { "db": "CNNVD", "id": "CNNVD-201608-383" }, { "db": "CNNVD", "id": "CNNVD-201608-446" } ] }, "id": "VAR-201608-0364", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-95729" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:20:21.994000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Cookie Parser Buffer Overflow Vulnerability", "trust": 0.8, "url": "http://fortiguard.com/advisory/fg-ir-16-023" }, { "title": "Fortinet FortiOS and FortiSwitch Buffer Overflow Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63770" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "db": "CNNVD", "id": "CNNVD-201608-446" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-95729" }, { "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "db": "NVD", "id": "CVE-2016-6909" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/92523" }, { "trust": 1.9, "url": "https://www.exploit-db.com/exploits/40276/" }, { "trust": 1.8, "url": "http://fortiguard.com/advisory/fg-ir-16-023" }, { "trust": 1.8, "url": "http://packetstormsecurity.com/files/138387/egregiousblunder-fortigate-remote-code-execution.html" }, { "trust": 1.8, "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1036643" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6909" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6909" }, { "trust": 0.3, "url": "http://www.fortinet.com/" }, { "trust": 0.3, "url": "http://fortiguard.com/advisory/cookie-parser-buffer-overflow-vulnerability" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/fortios-cve-2016-6909" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48526" } ], "sources": [ { "db": "VULHUB", "id": "VHN-95729" }, { "db": "VULMON", "id": "CVE-2016-6909" }, { "db": "BID", "id": "92523" }, { "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "db": "NVD", "id": "CVE-2016-6909" }, { "db": "CNNVD", "id": "CNNVD-201608-383" }, { "db": "CNNVD", "id": "CNNVD-201608-446" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-95729" }, { "db": "VULMON", "id": "CVE-2016-6909" }, { "db": "BID", "id": "92523" }, { "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "db": "NVD", "id": "CVE-2016-6909" }, { "db": "CNNVD", "id": "CNNVD-201608-383" }, { "db": "CNNVD", "id": "CNNVD-201608-446" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-08-24T00:00:00", "db": "VULHUB", "id": "VHN-95729" }, { "date": "2016-08-24T00:00:00", "db": "VULMON", "id": "CVE-2016-6909" }, { "date": "2016-08-17T00:00:00", "db": "BID", "id": "92523" }, { "date": "2016-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "date": "2016-08-24T16:30:00.137000", "db": "NVD", "id": "CVE-2016-6909" }, { "date": "2016-08-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201608-383" }, { "date": "2016-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201608-446" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-22T00:00:00", "db": "VULHUB", "id": "VHN-95729" }, { "date": "2019-05-22T00:00:00", "db": "VULMON", "id": "CVE-2016-6909" }, { "date": "2016-08-17T00:00:00", "db": "BID", "id": "92523" }, { "date": "2016-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004445" }, { "date": "2019-05-22T15:06:00.610000", "db": "NVD", "id": "CVE-2016-6909" }, { "date": "2016-08-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201608-383" }, { "date": "2019-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201608-446" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201608-383" }, { "db": "CNNVD", "id": "CNNVD-201608-446" } ], "trust": 1.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiOS and FortiSwitch of Cookie Parser buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004445" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201608-383" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.