Description
A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet.
Published: 2026-03-10
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A classic buffer overflow occurs in FortiSwitchAXFixed firmware when copying input without size validation, allowing an unauthenticated attacker on the same adjacent network to send a crafted LLDP packet that can lead to execution of arbitrary code or commands on the device. This flaw is classified as CWE-120, a classic buffer overflow weakness, and can compromise the confidentiality, integrity, and availability of the switch by granting full control to the attacker.

Affected Systems

Fortinet FortiSwitchAXFixed devices running firmware versions 1.0.0 through 1.0.1 are affected. The vulnerability is not present in upgrades to FortiSwitchAX-Chassis 1.0.0 or newer, nor in FortiSwitchAXFixed 1.0.2 and later.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.7, indicating a high severity. Its EPSS score is less than 1%, suggesting that widespread exploitation is currently unlikely. The flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is inferred to be local: an adversary must be on the same adjacent network to craft and transmit the malicious LLDP packet. If exploited, the attacker could gain unauthorized command execution on the affected device.

Generated by OpenCVE AI on April 16, 2026 at 03:52 UTC.

Remediation

Vendor Solution

Upgrade to FortiSwitchAX-Chassis version 1.0.0 or above Upgrade to FortiSwitchAXFixed version 1.0.2 or above

OpenCVE Recommended Actions

  • Upgrade FortiSwitchAX-Chassis to version 1.0.0 or later.
  • Upgrade FortiSwitchAXFixed to version 1.0.2 or later.
  • If LLDP is not required for network operation, disable LLDP on the affected FortiSwitchAXFixed to prevent exploitation.

Generated by OpenCVE AI on April 16, 2026 at 03:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 04:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Buffer Overflow via LLDP Packet in FortiSwitchAXFixed

Thu, 09 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:fortinet:fortiswitchaxfixed:*:*:*:*:*:*:*:*

Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Description A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet.
First Time appeared Fortinet
Fortinet fortiswitchaxfixed
Weaknesses CWE-120
CPEs cpe:2.3:a:fortinet:fortiswitchaxfixed:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiswitchaxfixed:1.0.1:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortiswitchaxfixed
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Fortinet Fortiswitchaxfixed
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-03-12T14:37:44.121Z

Reserved: 2026-01-08T06:49:28.868Z

Link: CVE-2026-22627

cve-icon Vulnrichment

Updated: 2026-03-12T14:37:40.262Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T18:18:12.570

Modified: 2026-04-09T20:54:45.860

Link: CVE-2026-22627

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T04:00:09Z

Weaknesses