CVE-2021-42755

CVE Database · CVE-2021-42755

CVE-2021-42755

· MEDIUMModified

CVSS v3.1

4.3

EPSS

0.34%

Published

Jul 18, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-190

Affected Products (130)

fortinet · fortiproxyvulnerable

fortinet · fortivoicevulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-21-155

PatchVendor Advisory

https://fortiguard.com/psirt/FG-IR-21-155

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs