CVE-2021-26111
MEDIUM
FortiSwitch 6.4.0-6.4.6, 6.2.0-6.2.6, 6.0.0-6.0.6, <=3.6.11 - Use-After-Free via LLDP/CDP/EDP Packets
Title source: llm
Description
A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-21-026
Scores
CVSS v3
6.5
EPSS
0.0011
EPSS Percentile
28.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-401
Status
published
Products (1)
fortinet/fortiswitch
< 3.6.11
Published
Jun 01, 2021
Tracked Since
Feb 18, 2026