CVE-2017-14187
First published: Thu May 24 2018(Updated: )
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS | <=5.2.0 | |
| Fortinet FortiOS | >=5.4.0<=5.4.8 | |
| Fortinet FortiOS | >=5.6.0<=5.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortios
- version/fortinet fortios/5.2.0
- version/fortinet fortios/5.4.0
- version/fortinet fortios/5.4.8
- version/fortinet fortios/5.6.0
- version/fortinet fortios/5.6.2