CVE-2021-42755

CWE-190 — Integer Overflow4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 72.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiproxy Fortinet Fortiswitch Fortinet Fortios +2 more

Timeline

PublishedJul 18

Latest updateJul 19

Description

An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDfortinet/fortiproxy1.0.0 — 1.0.7+4

▶NVDfortinet/fortiswitch6.0.0 — 6.0.7+3

▶NVDfortinet/fortios66 versions+65

▶NVDfortinet/fortirecorder_firmware14 versions+13

▶NVDfortinet/fortivoice41 versions+40

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-v985-ffxm-2rhh: An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7↗2022-07-19

▶

CVEList

CVE-2021-42755: An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7↗2022-07-18

▶

📋Vendor Advisories

Fortinet

An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x;...↗2022-07-18

▶