Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html
http://www.securitytracker.com/id/1036643
http://www.securityfocus.com/bid/92523
http://fortiguard.com/advisory/FG-IR-16-023
Source: Mitre, NVD
Published: 2016-08-24
Updated: 2025-04-12
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.73564