ID

VAR-202106-1430


CVE

CVE-2021-26111


TITLE

FortiSwitch vulnerability: missing release of memory after effective lifetime

Trust: 0.8

sources: JVNDB: JVNDB-2021-007665

DESCRIPTION

A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device. FortiSwitch is vulnerable to a missing release of memory after effective lifetime. The device may be put into a denial-of-service (DoS) state. A resource management error vulnerability exists in FortiSwitch versions 6.4.0 - 6.4.6, 6.2.0 - 6.2.6, 6.0.0 - 6.0.6, and 3.6.11 and below.

Trust: 2.34

sources: NVD: CVE-2021-26111 // JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385075 // VULMON: CVE-2021-26111

AFFECTED PRODUCTS

vendor: fortinet // model: fortiswitch // scope: gte // version: 6.2.0

Trust: 1.0

vendor: fortinet // model: fortiswitch // scope: gte // version: 6.4.0

Trust: 1.0

vendor: fortinet // model: fortiswitch // scope: lte // version: 3.6.11

Trust: 1.0

vendor: fortinet // model: fortiswitch // scope: lte // version: 6.0.6

Trust: 1.0

vendor: fortinet // model: fortiswitch // scope: lte // version: 6.2.6

Trust: 1.0

vendor: fortinet // model: fortiswitch // scope: lte // version: 6.4.6

Trust: 1.0

vendor: fortinet // model: fortiswitch // scope: gte // version: 6.0.0

Trust: 1.0

vendor: フォーティネット // model: fortiswitch // scope: eq // version: -

Trust: 0.8

vendor: フォーティネット // model: fortiswitch // scope: eq // version: 6.0.0 to 6.0.6

Trust: 0.8

vendor: フォーティネット // model: fortiswitch // scope: eq // version: 6.2.0 to 6.2.6

Trust: 0.8

vendor: フォーティネット // model: fortiswitch // scope: lte // version: 3.6.11 and earlier

Trust: 0.8

vendor: フォーティネット // model: fortiswitch // scope: eq // version: 6.4.0 to 6.4.6

Trust: 0.8

sources: JVNDB: JVNDB-2021-007665 // NVD: CVE-2021-26111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26111
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-26111
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-26111
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-075
value: MEDIUM

Trust: 0.6

VULHUB: VHN-385075
value: LOW

Trust: 0.1

VULMON: CVE-2021-26111
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-26111
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-385075
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26111
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-007665
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-385075 // VULMON: CVE-2021-26111 // JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-075 // NVD: CVE-2021-26111 // NVD: CVE-2021-26111

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.1

problemtype:Missing Release of Memory after Effective Lifetime (CWE-401) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-385075 // JVNDB: JVNDB-2021-007665 // NVD: CVE-2021-26111

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202106-075

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: FG-IR-21-026 // url: https://fortiguard.com/advisory/FG-IR-21-026

Trust: 0.8

title: Fortinet FortiSwitch Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154165

Trust: 0.6

sources: JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202106-075

EXTERNAL IDS

db: NVD // id: CVE-2021-26111

Trust: 3.4

db: JVNDB // id: JVNDB-2021-007665

Trust: 0.8

db: CNNVD // id: CNNVD-202106-075

Trust: 0.7

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP // id: SB2021060138

Trust: 0.6

db: AUSCERT // id: ESB-2021.1890

Trust: 0.6

db: VULHUB // id: VHN-385075

Trust: 0.1

db: VULMON // id: CVE-2021-26111

Trust: 0.1

sources: VULHUB: VHN-385075 // VULMON: CVE-2021-26111 // JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-075 // NVD: CVE-2021-26111

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-026

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-26111

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1890

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060138

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/401.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-385075 // VULMON: CVE-2021-26111 // JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-075 // NVD: CVE-2021-26111

SOURCES

db: VULHUB // id: VHN-385075
db: VULMON // id: CVE-2021-26111
db: JVNDB // id: JVNDB-2021-007665
db: CNNVD // id: CNNVD-202104-975
db: CNNVD // id: CNNVD-202106-075
db: NVD // id: CVE-2021-26111

LAST UPDATE DATE

2024-08-14T12:29:06.216000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-385075 // date: 2021-06-11T00:00:00
db: VULMON // id: CVE-2021-26111 // date: 2021-06-11T00:00:00
db: JVNDB // id: JVNDB-2021-007665 // date: 2022-02-18T09:04:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: CNNVD // id: CNNVD-202106-075 // date: 2021-06-16T00:00:00
db: NVD // id: CVE-2021-26111 // date: 2021-06-11T15:23:29.780

SOURCES RELEASE DATE

db: VULHUB // id: VHN-385075 // date: 2021-06-01T00:00:00
db: VULMON // id: CVE-2021-26111 // date: 2021-06-01T00:00:00
db: JVNDB // id: JVNDB-2021-007665 // date: 2022-02-18T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: CNNVD // id: CNNVD-202106-075 // date: 2021-06-01T00:00:00
db: NVD // id: CVE-2021-26111 // date: 2021-06-01T20:15:08.413