CVE-2021-42755: Fortiguard

An integer overflow / wraparound vulnerability [CWE-190] in the dhcpd daemon of FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below may allow an unauthenticated, network-adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service.

**PSIRT Advisories**

Multiple products - Integer overflow in dhcpd daemon

Summary

An integer overflow / wraparound vulnerability [CWE-190] in the FortiOS, FortiProxy, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise dhcpd daemon may allow an unauthenticated, network-adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service.

Affected Products

FortiOS version 7.0.3 and below.
FortiOS version 6.4.8 and below.
FortiOS version 6.2.10 and below.
FortiOS version 6.0.x.

FortiProxy version 7.0.0.
FortiProxy version 2.0.6 and below.
FortiProxy version 1.2.x.
FortiProxy version 1.1.x.
FortiProxy version 1.0.x.

FortiSwitch version 7.0.2 and below.
FortiSwitch version 6.4.9 and below.
FortiSwitch version 6.2.x.
FortiSwitch version 6.0.x.

FortiRecorder version 6.4.2 and below.
FortiRecorder version 6.0.10 and below.

FortiVoiceEnterprise version 6.4.3 and below.
FortiVoiceEnterprise version 6.0.10 and below.

Solutions

Please upgrade to FortiOS version 7.0.4 or above.
Please upgrade to FortiOS version 6.4.9 or above.
Please upgrade to FortiOS version 6.2.11 or above.

Please upgrade to FortiProxy version 7.0.1 or above.
Please upgrade to FortiProxy version 2.0.7 or above.

Please upgrade to FortiSwitch version 7.2.0 or above.
Please upgrade to FortiSwitch version 7.0.3 or above.
Please upgrade to FortiSwitch version 6.4.10 or above.

Please upgrade to FortiRecorder version 6.4.3 or above.
Please upgrade to FortiRecorder version 6.0.11 or above.

Please upgrade to FortiVoiceEnterprise version 6.4.4 or above.
Please upgrade to FortiVoiceEnterprise version 6.0.11 or above.

Acknowledgement

Fortinet is pleased to thank Nanyu Zhong and Yu Zhang from VARAS@IIE for reporting this vulnerability under responsible disclosure.
