A missing release of memory after effective lifetime vulnerability in FortiSwitch may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.
Affected ProductsFortiSwitch versions 6.4.6 and below. FortiSwitch versions 6.2.6 and below. FortiSwitch versions 6.0.x FortiSwitch versions 3.6.x
Please upgrade to FortiSwitch 7.0.0.
Please upgrade to FortiSwitch version 6.4.7 or above.
Please upgrade to FortiSwitch version 6.2.7 or above.
Fortinet is pleased to thank Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team for reporting this vulnerability under responsible disclosure.