Integer Overflow Vulnerability in Fortinet Products
CVE-2021-42755

4.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiswitch, Fortirecorder, Fortivoiceenterprise, FortiOS, Fortiproxy
Vendor: CVE Published:; 18 July 2022

Summary

An integer overflow vulnerability in several Fortinet products, including FortiSwitch, FortiRecorder, FortiOS, FortiProxy, and FortiVoiceEnterprise, may allow an unauthenticated network-adjacent attacker to exploit the dhcpd daemon, potentially resulting in a denial of service. This could enable attackers to crash the service, disrupting network activities.

Affected Version(s)

Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below

References

https://fortiguard.com/psirt/FG-IR-21-155

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
Oct 20, 2021