CVE-2017-14187 — Improper Privilege Management in Fortinet Fortios
Severity
6.2 MEDIUM (NVD)
EPSS
0.1%
top 81.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published May 24
Latest update May 13
Description
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows an attacker to execute an unauthorized binary program contained on a USB drive plugged into a FortiGate by linking that binary program to a command that is allowed to be run by the fnsysctl CLI command.
CVSS vector
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.3 | Impact: 5.9
Affected Packages: 2 packages
Vulnerability Details: 2
Vendor Advisories: 1
Fortinet (2018-05-24): A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8,...