CVE-2021-26111

CWE-401: Memory Leak | 4 documents | 4 sources

Severity: 6.5 MEDIUM
EPSS: 0.1% (top 71.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 1; Latest update May 24

Description

A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: fortinet/fortiswitch 6.0.0 to 6.0.6, +3
CVEListV5: fortinet/fortinet_fortiswitch FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-4mmv-85v4-q6hm: A missing release of memory after effective lifetime vulnerability in FortiSwitch 6
CVEList (2021-06-01): CVE-2021-26111: A missing release of memory after effective lifetime vulnerability in FortiSwitch 6

📋 Vendor Advisories (1)

Fortinet (2021-06-01): A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0...
CVE-2021-26111 (MEDIUM CVSS 6.5) | A missing release of memory after e | cvebase.io