Main Vulnerability Database Vulnerabilities #VU5838

#VU5838 Buffer overflow in FortiOS and FortiSwitch - CVE-2016-6909

Published: February 16, 2017 / Updated: February 28, 2017

Vulnerability identifier: #VU5838

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2016-6909

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
FortiOS
FortiSwitch

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exist due to a boundary error within cookie parser. A remote attacker can send a specially crafted HTTP request, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to gain unauthorized access to vulnerable system.

Note:the vulnerability was being actively exploited.

Remediation

Update FortiGuard to version 4.1.11, 4.2.13, 4.3.9.
Update FortiSwitch to version 3.4.3.

External links

http://fortiguard.com/advisory/FG-IR-16-023

#VU5838 Buffer overflow in FortiOS and FortiSwitch - CVE-2016-6909

Description

Remediation

External links

Please verify you're human