Critical severity9.8NVD Advisory· Published Aug 24, 2016· Updated May 6, 2026

CVE-2016-6909

Description

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/40276/nvdExploitThird Party AdvisoryVDB Entry
fortiguard.com/advisory/FG-IR-16-023nvdVendor Advisory
www.securityfocus.com/bid/92523nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1036643nvdThird Party AdvisoryVDB Entry
musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.htmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.051
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000