Vulnerability Description
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiproxy | >= 1.0.0, <= 1.0.7 |
| Fortinet | Fortivoice | 5.3.0 |
| Fortinet | Fortios | 5.4.0 |
| Fortinet | Fortirecorder Firmware | 6.0.0 |
| Fortinet | Fortiswitch | >= 6.0.0, <= 6.0.7 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-21-155PatchVendor Advisory
- https://fortiguard.com/psirt/FG-IR-21-155PatchVendor Advisory
FAQ
What is CVE-2021-42755?
CVE-2021-42755 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 ...
How severe is CVE-2021-42755?
CVE-2021-42755 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42755?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiproxy, Fortinet Fortivoice, Fortinet Fortios, Fortinet Fortirecorder Firmware, Fortinet Fortiswitch.