Vulnerability Details : CVE-2021-26111
A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.
Products affected by CVE-2021-26111
- cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26111
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-26111
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.3
|
LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P |
6.5
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
Fortinet, Inc. |
CWE ids for CVE-2021-26111
-
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-26111
-
https://fortiguard.com/advisory/FG-IR-21-026
FortiSwitch - memory leak issue in lldpmedd daemon | FortiGuardVendor Advisory
Jump to