CVE-2021-26111
low-risk
Published 2021-06-01
A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.
Do I need to act?
0.11% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.5/10 (Medium), ADJACENT_NETWORK / LOW complexity
Affected Products (1)
Fortiswitch
Affected Vendors
References (2)
Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-026
26 / 100 · low-risk
Severity: 21/34 · High
Exploitability: 0/34 · Minimal
Exposure: 5/34 · Minimal