Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet FortiOS
OSFortinet4.1.0 – 4.1.11 (bez)4.2.0 – 4.2.13 (bez)4.3.0 – 4.3.9 (bez)Fortinet Fortiswitch
OSFortinet≤ 3.4.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemoryFirewall
CWE
References
Related vulnerabilities
CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
CVE-2024-55591CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin
CVE-2024-23113CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager
CVE-2024-21762CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Out-of-bounds write w Fortinet FortiOS i FortiProxy — RCE bez uwierzytelnienia