Rewterz Threat Advisory – CVE-2021-26111 – Fortinet FortiSwitch Denial of Service

Rewterz Threat Advisory – CVE-2021-30180 – Apache Dubbo Code Execution

June 2, 2021

Rewterz Threat Advisory – CVE-2021-22123 – Fortinet FortiWeb Command Execution

June 2, 2021

Rewterz Threat Advisory – CVE-2021-26111 – Fortinet FortiSwitch Denial of Service

Severity

Medium

Analysis Summary

CVE-2021-26111

Fortinet FortiSwitch is vulnerable to a denial of service, caused by a memory leak flaw in the lldpmedd daemon. By sending specially-crafted LLDP/CDP/EDP packets, a remote attacker could exploit this vulnerability to exhaust available memory, and results in a denial of service condition.

Impact

Denial of Service

Affected Vendors

Fortinet

Affected Products

Fortinet FortiSwitch 6.2.6
FortinetSwitch 6.4.6

Remediation

Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.

https://www.fortiguard.com/psirt/FG-IR-21-026

Rewterz Threat Advisory – CVE-2021-30180 – Apache Dubbo Code Execution

Rewterz Threat Advisory – CVE-2021-22123 – Fortinet FortiWeb Command Execution

Rewterz Threat Advisory – CVE-2021-26111 – Fortinet FortiSwitch Denial of Service

Severity

Analysis Summary

CVE-2021-26111

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan