Sign-up

ID

VAR-201608-0364


CVE

CVE-2016-6909


TITLE

Fortinet FortiOS and FortiSwitch of Cookie Parser buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004445

DESCRIPTION

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. Fortinet FortiOS and FortiSwitch of Cookie The parser contains a buffer overflow vulnerability. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides features such as firewall, anti-virus and intrusion prevention (IPS), application control, anti-spam, wireless controller and WAN acceleration. The vulnerability stems from the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Fortinet FortiGate is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. The following versions are affected: Fortinet FortiGate 4.3.8 and prior Fortinet FortiGate 4.2.12 and prior Fortinet FortiGate 4.1.10 and prior. Fortinet FortiOS and FortiSwitch are products developed by Fortinet

Trust: 2.61

sources: NVD: CVE-2016-6909 // JVNDB: JVNDB-2016-004445 // CNNVD: CNNVD-201608-383 // BID: 92523 // VULHUB: VHN-95729 // VULMON: CVE-2016-6909

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:ltversion:4.3.9

Trust: 1.0

vendor:fortinetmodel:fortiosscope:ltversion:4.2.13

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:4.1.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:4.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:4.3.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:ltversion:4.1.11

Trust: 1.0

vendor:fortinetmodel:fortiswitchscope:lteversion:3.4.2

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:4.3.8

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:4.2.12

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:4.1.10

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:4.1.11

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:4.2.x

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:4.3.x

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:4.3.9

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:4.x

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:4.2.13

Trust: 0.8

vendor:fortinetmodel:fortiswitchscope:eqversion:3.4.2

Trust: 0.6

vendor:fortinetmodel:fortiosscope:eqversion:4.3

Trust: 0.3

vendor:fortinetmodel:fortigatescope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:4.3.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:4.2.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:4.1.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:5.0

Trust: 0.3

sources: BID: 92523 // JVNDB: JVNDB-2016-004445 // CNNVD: CNNVD-201608-446 // NVD: CVE-2016-6909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6909
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6909
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201608-446
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95729
value: HIGH

Trust: 0.1

VULMON: CVE-2016-6909
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6909
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-95729
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6909
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95729 // VULMON: CVE-2016-6909 // JVNDB: JVNDB-2016-004445 // CNNVD: CNNVD-201608-446 // NVD: CVE-2016-6909

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-95729 // JVNDB: JVNDB-2016-004445 // NVD: CVE-2016-6909

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201608-383 // CNNVD: CNNVD-201608-446

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201608-383

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004445

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-95729 // 
            
            
            
            VULMON: CVE-2016-6909

PATCH
title:Cookie Parser Buffer Overflow Vulnerabilityurl:http://fortiguard.com/advisory/FG-IR-16-023
Trust: 0.8
title:Fortinet FortiOS  and FortiSwitch Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63770
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004445 // 
            
            
            
            CNNVD: CNNVD-201608-446

EXTERNAL IDS
db:BIDid:92523
Trust: 2.7
db:NVDid:CVE-2016-6909
Trust: 2.6
db:EXPLOIT-DBid:40276
Trust: 1.8
db:PACKETSTORMid:138387
Trust: 1.8
db:SECTRACKid:1036643
Trust: 1.8
db:JVNDBid:JVNDB-2016-004445
Trust: 0.8
db:CNNVDid:CNNVD-201608-446
Trust: 0.7
db:CNNVDid:CNNVD-201608-383
Trust: 0.6
db:VULHUBid:VHN-95729
Trust: 0.1
db:VULMONid:CVE-2016-6909
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95729 // 
            
            
            
            VULMON: CVE-2016-6909 // 
            
            
            
            BID: 92523 // 
            
            
            
            JVNDB: JVNDB-2016-004445 // 
            
            
            
            CNNVD: CNNVD-201608-383 // 
            
            
            
            CNNVD: CNNVD-201608-446 // 
            
            
            
            NVD: CVE-2016-6909

REFERENCES
url:http://www.securityfocus.com/bid/92523
Trust: 2.4
url:https://www.exploit-db.com/exploits/40276/
Trust: 1.9
url:http://fortiguard.com/advisory/fg-ir-16-023
Trust: 1.8
url:http://packetstormsecurity.com/files/138387/egregiousblunder-fortigate-remote-code-execution.html
Trust: 1.8
url:https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html
Trust: 1.8
url:http://www.securitytracker.com/id/1036643
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6909
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6909
Trust: 0.8
url:http://www.fortinet.com/
Trust: 0.3
url:http://fortiguard.com/advisory/cookie-parser-buffer-overflow-vulnerability
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/fortios-cve-2016-6909
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=48526
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95729 // 
            
            
            
            VULMON: CVE-2016-6909 // 
            
            
            
            BID: 92523 // 
            
            
            
            JVNDB: JVNDB-2016-004445 // 
            
            
            
            CNNVD: CNNVD-201608-383 // 
            
            
            
            CNNVD: CNNVD-201608-446 // 
            
            
            
            NVD: CVE-2016-6909

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 92523

SOURCES
db:VULHUBid:VHN-95729
db:VULMONid:CVE-2016-6909
db:BIDid:92523
db:JVNDBid:JVNDB-2016-004445
db:CNNVDid:CNNVD-201608-383
db:CNNVDid:CNNVD-201608-446
db:NVDid:CVE-2016-6909

LAST UPDATE DATE
2024-08-14T14:46:21.830000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95729date:2019-05-22T00:00:00
db:VULMONid:CVE-2016-6909date:2019-05-22T00:00:00
db:BIDid:92523date:2016-08-17T00:00:00
db:JVNDBid:JVNDB-2016-004445date:2016-08-25T00:00:00
db:CNNVDid:CNNVD-201608-383date:2016-08-19T00:00:00
db:CNNVDid:CNNVD-201608-446date:2019-05-23T00:00:00
db:NVDid:CVE-2016-6909date:2019-05-22T15:06:00.610

SOURCES RELEASE DATE
db:VULHUBid:VHN-95729date:2016-08-24T00:00:00
db:VULMONid:CVE-2016-6909date:2016-08-24T00:00:00
db:BIDid:92523date:2016-08-17T00:00:00
db:JVNDBid:JVNDB-2016-004445date:2016-08-25T00:00:00
db:CNNVDid:CNNVD-201608-383date:2016-08-19T00:00:00
db:CNNVDid:CNNVD-201608-446date:2016-08-25T00:00:00
db:NVDid:CVE-2016-6909date:2016-08-24T16:30:00.137