CVE-2021-42755

MEDIUM

FortiProxy 7.0.0, < 2.0.7, 1.2.x, 1.1.x, 1.0.x - Unauthenticated Denial of Service via Integer Overflow in dhcpd Daemon

Title source: llm

Description

An integer overflow / wraparound vulnerability [CWE-190] in the dhcpd daemon of FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; and FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below may allow an unauthenticated, network-adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service.

References (1)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://fortiguard.com/psirt/FG-IR-21-155

Scores

CVSS v3 4.3
EPSS 0.0010
EPSS Percentile 27.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-190
Status published
Products (50)
fortinet/fortios 5.4.0
fortinet/fortios 5.4.1
fortinet/fortios 5.4.2
fortinet/fortios 5.4.3
fortinet/fortios 5.4.4
fortinet/fortios 5.4.5
fortinet/fortios 5.4.6
fortinet/fortios 5.4.7
fortinet/fortios 5.4.8
fortinet/fortios 5.4.9
... and 40 more
Published Jul 18, 2022
Tracked Since Feb 18, 2026