CVE-2017-14187

Summary

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.

Affected Software

VendorProductVersion RangeStatus
Fortinet, Inc.FortiOS5.6.0 to 5.6.2affected
Fortinet, Inc.FortiOS5.4.0 to 5.4.8affected
Fortinet, Inc.FortiOS5.2 and below versionsaffected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References