Vulnerability Description
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortios | <= 5.2.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104312Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040983Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-245MitigationVendor Advisory
- http://www.securityfocus.com/bid/104312Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040983Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-245MitigationVendor Advisory
FAQ
What is CVE-2017-14187?
CVE-2017-14187 is a vulnerability with a CVSS score of 6.2 (MEDIUM). A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary progra...
How severe is CVE-2017-14187?
CVE-2017-14187 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14187?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios.