Memory Exhaustion Vulnerability in FortiSwitch by Fortinet
CVE-2021-26111
6.5 MEDIUM
Summary
FortiSwitch devices running versions from 3.6.11 and below up to 6.4.6 are vulnerable to a memory exhaustion issue caused by a missing release of memory after its effective lifetime (a memory leak). An attacker on an adjacent network can exploit this vulnerability by sending specially crafted LLDP, CDP, or EDP packets to the affected device, potentially exhausting the available memory and impacting device performance.
Affected Version(s)
Fortinet FortiSwitch: 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved