PT-2022-11679 · Fortinet · Fortios+4

Published 2022-07-05 · Updated 2024-01-18 · CVE-2021-42755

CVSS v3.1: 4.3 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

FortiSwitch versions 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x
FortiRecorder versions 6.4.2 and below, 6.0.10 and below
FortiOS versions 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x
FortiProxy versions 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x
FortiVoiceEnterprise versions 6.4.3 and below, 6.0.10 and below

Description

An integer overflow / wraparound vulnerability in the dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service.

Recommendations

For FortiSwitch versions 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x, update to a version above 7.0.2 or apply the recommended patch.
For FortiRecorder versions 6.4.2 and below, 6.0.10 and below, update to a version above 6.4.2 or apply the recommended patch.
For FortiOS versions 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x, update to a version above 7.0.2 or apply the recommended patch.
For FortiProxy versions 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x, update to a version above 2.0.6 or apply the recommended patch.
For FortiVoiceEnterprise versions 6.4.3 and below, 6.0.10 and below, update to a version above 6.4.3 or apply the recommended patch.

As a temporary workaround, consider disabling the dhcpd daemon until a patch is available.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-42755

Affected Products

Fortios
Fortiproxy
Fortirecorder
Fortiswitch
Fortivoiceenterprise