Main
Vulnerability Database
Exploits
ID:1042 - Exploit for Buffer overflow in FortiOS and FortiSwitch - CVE-2016-6909
ID:1042 - Exploit for Buffer overflow in FortiOS and FortiSwitch - CVE-2016-6909
Published: March 18, 2020
Vulnerability identifier: #VU5838
Vulnerability risk: Critical
CVE-ID: CVE-2016-6909
CWE-ID: CWE-119
Exploitation vector: Remote access
Vulnerable software:
FortiOS
FortiSwitch
FortiOS
FortiSwitch
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exist due to a boundary error within cookie parser. A remote attacker can send a specially crafted HTTP request, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability may allow an attacker to gain unauthorized access to vulnerable system.
Note:the vulnerability was being actively exploited.
Remediation
Update FortiGuard to version 4.1.11, 4.2.13, 4.3.9.
Update FortiSwitch to version 3.4.3.
Update FortiSwitch to version 3.4.3.