PT-2021-7566 · Fortinet · Fortiswitch
Published 2021-06-01 · Updated 2021-06-11 · CVE-2021-26111
CVSS v3.1: 6.5 (Medium)
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
FortiSwitch versions 3.6.11 and below
FortiSwitch versions 6.0.0 through 6.0.6
FortiSwitch versions 6.2.0 through 6.2.6
FortiSwitch versions 6.4.0 through 6.4.6
Description
A missing release of memory after effective lifetime issue (a memory leak) may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP, CDP or EDP packets to the device, leading to a denial of service. LLDP, CDP and EDP are link-layer discovery protocols that are not forwarded across routers, so the attacker must sit on the same Layer 2 segment as the switch (CVSS AV:A); no credentials or user interaction are required (PR:N/UI:N), and the impact is confined to availability (A:H), with no confidentiality or integrity loss.
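The description gives a defender little to key on beyond "crafted LLDP/CDP/EDP packets". What is observable on the wire is the rate: a legitimate neighbour sends one advertisement every 30 s (LLDP default) or 60 s (CDP default), while an attacker trying to exhaust memory through a leak has to send many. The following Python script is an added example, not code from the advisory or from Fortinet. It identifies the three discovery protocols in raw Ethernet frames (LLDP by EtherType 0x88CC; CDP and EDP by their LLC/SNAP OUI and protocol ID, with the EDP constants taken from its standard SNAP encapsulation) and flags any source MAC that sends more than a threshold of them inside a sliding window. The frames it runs over are constructed inline, and every function and constant name is the example's own.

```python
"""Rate-based detection of LLDP/CDP/EDP floods in raw Ethernet frames."""
import struct
from collections import defaultdict, deque

# Link-layer discovery protocol identifiers.
LLDP_ETHERTYPE = 0x88CC
LLDP_DST = bytes.fromhex("0180c200000e")                # nearest-bridge multicast
CDP_DST = bytes.fromhex("01000ccccccc")
CISCO_OUI, CDP_PID = bytes.fromhex("00000c"), 0x2000     # SNAP OUI/PID for CDP
EDP_DST = bytes.fromhex("00e02b000000")
EXTREME_OUI, EDP_PID = bytes.fromhex("00e02b"), 0x00BB   # SNAP OUI/PID for EDP
SNAP_HDR = b"\xaa\xaa\x03"                               # LLC DSAP/SSAP/control for SNAP


def classify(frame: bytes):
    """Return 'LLDP', 'CDP', 'EDP' or None for one raw Ethernet frame."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == LLDP_ETHERTYPE:
        return "LLDP"
    # 802.3 frames carry a length (<= 1500) instead of an EtherType; CDP and
    # EDP then sit behind an LLC/SNAP header at offset 14.
    if ethertype <= 1500 and len(frame) >= 22 and frame[14:17] == SNAP_HDR:
        oui, pid = frame[17:20], struct.unpack("!H", frame[20:22])[0]
        if (oui, pid) == (CISCO_OUI, CDP_PID):
            return "CDP"
        if (oui, pid) == (EXTREME_OUI, EDP_PID):
            return "EDP"
    return None


def detect_floods(frames, window=10.0, threshold=10):
    """frames: iterable of (timestamp_seconds, raw_frame) in time order.

    More than `threshold` discovery frames from one source MAC inside
    `window` seconds is far above any legitimate advertisement rate.
    Returns the sorted (src_mac, protocol) pairs that crossed the threshold.
    """
    recent = defaultdict(deque)
    alerts = set()
    for ts, frame in frames:
        proto = classify(frame)
        if proto is None:
            continue
        key = (frame[6:12].hex(":"), proto)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold:
            alerts.add(key)
    return sorted(alerts)


def build_lldp(src: bytes) -> bytes:
    """Minimal LLDPDU: Chassis ID TLV (type 1, MAC subtype 4) + End TLV."""
    chassis = struct.pack("!H", (1 << 9) | 7) + b"\x04" + src
    return LLDP_DST + src + struct.pack("!H", LLDP_ETHERTYPE) + chassis + b"\x00\x00"


def build_snap(dst: bytes, src: bytes, oui: bytes, pid: int, payload: bytes) -> bytes:
    """802.3 frame with an LLC/SNAP header (encapsulation used by CDP and EDP)."""
    body = SNAP_HDR + oui + struct.pack("!H", pid) + payload
    return dst + src + struct.pack("!H", len(body)) + body


def sample_capture():
    """Constructed frames (not a real capture): one well-behaved LLDP neighbour,
    one LLDP flooder, one CDP flooder and unrelated IPv4 noise."""
    good, flood_lldp, flood_cdp, noise = (bytes.fromhex(f"02000000000{i}") for i in range(1, 5))
    cdp_hdr = b"\x02\xb4\x00\x00"   # CDP v2, TTL 180 s, checksum left zero in this sample
    frames = [(30.0 * i, build_lldp(good)) for i in range(5)]                      # one per 30 s
    frames += [(100.0 + 0.02 * i, build_lldp(flood_lldp)) for i in range(50)]        # 50 in 1 s
    frames += [(100.0 + 0.05 * i, build_snap(CDP_DST, flood_cdp, CISCO_OUI, CDP_PID, cdp_hdr))
               for i in range(30)]                                                   # 30 in 1.5 s
    frames += [(100.0 + 0.01 * i, noise + noise + b"\x08\x00" + bytes(20)) for i in range(200)]
    return sorted(frames, key=lambda f: f[0])


if __name__ == "__main__":
    print(detect_floods(sample_capture()))
```

In practice the frames come from a mirror (SPAN) port capture read with a library such as scapy or dpkt; the window and threshold are conservative starting points given the default 30 s / 60 s advertisement intervals. A burst from one MAC is the signal regardless of TLV content, which matters here because the advisory does not say what makes a packet "specifically crafted".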
Recommendations
For FortiSwitch versions 3.6.11 and below, update to a version above 3.6.11 to resolve the issue.
For FortiSwitch versions 6.0.0 through 6.0.6, update to a version above 6.0.6 to resolve the issue.
For FortiSwitch versions 6.2.0 through 6.2.6, update to a version above 6.2.6 to resolve the issue.
For FortiSwitch versions 6.4.0 through 6.4.6, update to a version above 6.4.6 to resolve the issue.
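The four recommendations above are one rule applied to four release trains, which is exactly what an inventory triage script encodes. The following Python code is an added example, not Fortinet's: it pulls the x.y.z version out of a string (a bare "6.4.6", "v6.4.6", or the "vX.Y.Z,buildNNNN" banner form Fortinet firmware prints, the latter being an assumption about the format) and tests it against the affected ranges stated in this advisory. Versions on trains the advisory does not list are reported as not affected by this advisory, not as safe in general.

```python
"""Triage FortiSwitch version strings against the CVE-2021-26111 affected ranges."""
import re
from typing import Tuple

# Affected ranges from the advisory, inclusive, as (first, last) tuples.
# "3.6.11 and below" has no lower bound, so that range starts at 0.0.0.
AFFECTED_RANGES = [
    ((0, 0, 0), (3, 6, 11)),
    ((6, 0, 0), (6, 0, 6)),
    ((6, 2, 0), (6, 2, 6)),
    ((6, 4, 0), (6, 4, 6)),
]

# First x.y.z token, with or without a leading 'v'; tolerates a trailing
# ",buildNNNN" suffix (assumed Fortinet banner layout) since \b stops at the comma.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract the version as a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True if the version in text falls inside one of the advisory's ranges."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """inventory: iterable of (hostname, version_text) pairs.

    Returns a dict with three sorted hostname lists: 'affected',
    'not_affected' and 'unparseable' (entries whose version could not be read,
    which need a manual check rather than being silently treated as safe).
    """
    result = {"affected": [], "not_affected": [], "unparseable": []}
    for host, text in inventory:
        try:
            bucket = "affected" if is_affected(text) else "not_affected"
        except ValueError:
            bucket = "unparseable"
        result[bucket].append(host)
    for bucket in result:
        result[bucket].sort()
    return result


if __name__ == "__main__":
    # Constructed inventory; build numbers are placeholders, not real builds.
    print(triage([("sw1", "v6.4.6,build0000"), ("sw2", "6.4.7"), ("sw3", "3.6.11"), ("sw4", "n/a")]))
```

The unparseable bucket is deliberate: a version string that does not match should surface for review, because treating it as "not affected" by default is how unpatched devices get missed.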
As a temporary workaround, restrict access to the device at Layer 2 to minimize the risk of exploitation by unauthorized parties: since the packets are only deliverable from the same segment, do not connect untrusted hosts to switch ports that process these discovery protocols, and where the platform allows it, disable LLDP/CDP/EDP on ports that do not need them.
Weakness Enumeration
Memory Leak (missing release of memory after effective lifetime)
Related Identifiers
CVE-2021-26111
Affected Products
Fortiswitch