Details of VAR-202106-1430

ID

VAR-202106-1430

CVE

CVE-2021-26111

TITLE

FortiSwitch Vulnerabilities in lack of free memory after expiration

Trust: 0.8

sources: JVNDB: JVNDB-2021-007665

DESCRIPTION

A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device. FortiSwitch Is vulnerable to a lack of free memory after expiration.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. effect is a software package for adding image effects. There are resource management error vulnerabilities in FortiSwitch 6.4.0 - 6.4.6, 6.2.0 - 6.2.6, 6.0.0 - 6.0.6, 3.6.11 and below versions

Trust: 2.34

sources: NVD: CVE-2021-26111 // JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385075 // VULMON: CVE-2021-26111

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lte	version:	3.6.11	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lte	version:	6.0.6	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lte	version:	6.2.6	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lte	version:	6.4.6	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiswitch	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiswitch	scope:	eq	version:	6.0.0 to 6.0.6	Trust: 0.8
vendor:	フォーティネット	model:	fortiswitch	scope:	eq	version:	6.2.0 to 6.2.6	Trust: 0.8
vendor:	フォーティネット	model:	fortiswitch	scope:	lte	version:	3.6.11 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	fortiswitch	scope:	eq	version:	6.4.0 to 6.4.6	Trust: 0.8

sources: JVNDB: JVNDB-2021-007665 // NVD: CVE-2021-26111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26111
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26111
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-26111
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-075
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-385075
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-26111
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-26111
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-385075
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26111
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-007665
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-385075 // VULMON: CVE-2021-26111 // JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-075 // NVD: CVE-2021-26111 // NVD: CVE-2021-26111

PROBLEMTYPE DATA

problemtype:	CWE-401	Trust: 1.1
problemtype:	Lack of free memory after expiration (CWE-401) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-385075 // JVNDB: JVNDB-2021-007665 // NVD: CVE-2021-26111

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202106-075

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	FG-IR-21-026	url:	https://fortiguard.com/advisory/FG-IR-21-026	Trust: 0.8
title:	Fortinet FortiSwitch Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154165	Trust: 0.6

sources: JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202106-075

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26111	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-007665	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-075	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060138	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1890	Trust: 0.6
db:	VULHUB	id:	VHN-385075	Trust: 0.1
db:	VULMON	id:	CVE-2021-26111	Trust: 0.1

sources: VULHUB: VHN-385075 // VULMON: CVE-2021-26111 // JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-075 // NVD: CVE-2021-26111

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-026	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26111	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1890	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060138	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-385075 // VULMON: CVE-2021-26111 // JVNDB: JVNDB-2021-007665 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-075 // NVD: CVE-2021-26111

SOURCES

db:	VULHUB	id:	VHN-385075
db:	VULMON	id:	CVE-2021-26111
db:	JVNDB	id:	JVNDB-2021-007665
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-075
db:	NVD	id:	CVE-2021-26111

LAST UPDATE DATE

2024-08-14T12:29:06.216000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-385075	date:	2021-06-11T00:00:00
db:	VULMON	id:	CVE-2021-26111	date:	2021-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-007665	date:	2022-02-18T09:04:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-075	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-26111	date:	2021-06-11T15:23:29.780

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-385075	date:	2021-06-01T00:00:00
db:	VULMON	id:	CVE-2021-26111	date:	2021-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-007665	date:	2022-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-075	date:	2021-06-01T00:00:00
db:	NVD	id:	CVE-2021-26111	date:	2021-06-01T20:15:08.413