CVE-2017-14187

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-17-245 Mitigation Vendor Advisory
http://www.securitytracker.com/id/1040983 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/104312 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Information

Published : 2018-05-24 13:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-14187

Mitre link : CVE-2017-14187


JSON object : View

CWE
CWE-269

Improper Privilege Management

Advertisement

dedicated server usa

Products Affected

fortinet

  • fortios