Fortinet FortiOS 4.1.x < 4.1.11 / 4.2.x < 4.2.13 / 4.3.x < 4.3.9 Web Interface Cookie Parser RCE (EGREGIOUSBLUNDER)
Critical Nessus Plugin ID 93128
SynopsisThe remote host is affected by a remote code execution vulnerability.
DescriptionThe remote FortiGate device is running a version of FortiOS that is 4.1.x prior to 4.1.11, 4.2.x prior to 4.2.13, or 4.3.x prior to 4.3.9. It is, therefore, affected by a remote code execution vulnerability, known as EGREGIOUSBLUNDER, in the web interface due to improper validation when parsing cookies. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to cause a buffer overflow condition, resulting in a denial of service condition or the execution of arbitrary code.
EGREGIOUSBLUNDER is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
SolutionUpgrade to Fortinet FortiOS 4.1.11 / 4.2.13 / 4.3.9 / 5.0 or later.