CVE-2017-14187
First published: Thu May 24 2018(Updated: )
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FortiOS | <=5.2.0 | |
| FortiOS | >=5.4.0<=5.4.8 | |
| FortiOS | >=5.6.0<=5.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-14187?
CVE-2017-14187 is classified as a high severity vulnerability due to its potential for local privilege escalation.
How do I fix CVE-2017-14187?
To mitigate CVE-2017-14187, upgrade FortiOS to a version higher than 5.6.2, 5.4.8, or 5.2.
What systems are affected by CVE-2017-14187?
CVE-2017-14187 affects Fortinet FortiOS versions 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below.
Can CVE-2017-14187 lead to remote code execution?
CVE-2017-14187 can lead to local code execution if an attacker has physical access to the FortiGate device.
Is there a known exploit for CVE-2017-14187?
Yes, there are known exploits that take advantage of the vulnerabilities present in Fortinet FortiOS versions defined in CVE-2017-14187.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortios
- version/fortios/5.2.0
- version/fortios/5.4.0
- version/fortios/5.4.8
- version/fortios/5.6.0
- version/fortios/5.6.2