CVE-2021-26111

MEDIUM

Fortinet Fortiswitch < 3.6.11 - Memory Leak

Title source: rule

Description

A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.

References (1)

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-21-026

Scores

CVSS v3 6.5

EPSS 0.0011

EPSS Percentile 28.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

fortinet/fortiswitch < 3.6.11

Timeline

Published Jun 01, 2021

Tracked Since Feb 18, 2026