CVE-2017-14187

Published: May 24, 2018Modified: Nov 21, 2024

6.2

Vector

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.3 / Impact: 5.9

Source: NVD

Description

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.

Affected (3)

Products: Fortinet: Fortios

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	Up to 5.2.0
Fortinet Fortios	From 5.4.0 to 5.4.8
Fortinet Fortios	From 5.6.0 to 5.6.2

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

http://www.securityfocus.com/bid/104312

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040983

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-17-245

Source: psirt@fortinet.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/104312

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040983

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-17-245

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.