CVE-2017-14187
N/A
N/A
Summary
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet, Inc. | FortiOS | 5.6.0 to 5.6.2 | affected |
| Fortinet, Inc. | FortiOS | 5.4.0 to 5.4.8 | affected |
| Fortinet, Inc. | FortiOS | 5.2 and below versions | affected |
Weaknesses
- Execute unauthorized code or commands
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1040983
- http://www.securityfocus.com/bid/104312
- https://fortiguard.com/advisory/FG-IR-17-245
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- http://www.securitytracker.com/id/1040983
- http://www.securityfocus.com/bid/104312
- https://fortiguard.com/advisory/FG-IR-17-245
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.