Vulnerabilites related to Fortinet - Fortinet FortiSwitch
CVE-2021-26111 (GCVE-0-2021-26111)
Vulnerability from cvelistv5
Published
2021-06-01 19:57
Modified
2024-10-25 13:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | Fortinet FortiSwitch |
Version: FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-026"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:58:52.027136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:58:45.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiSwitch",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T19:57:24",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2021-26111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiSwitch",
"version": {
"version_data": [
{
"version_value": "FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Adjacent",
"availabilityImpact": "High",
"baseScore": 6.2,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-21-026",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-21-026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-26111",
"datePublished": "2021-06-01T19:57:24",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-10-25T13:58:45.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}