CVE-2017-17544 — Improper Privilege Management in Fortinet Fortios

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.4%

top 41.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios

Timeline

PublishedApr 9

Latest updateMay 13

Description

A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/fortios< 6.2.0

▶NVDfortinet/fortios5.6.0 — 5.6.10+2

🔴Vulnerability Details

GHSA

GHSA-h72v-g53g-mw9x: A privilege escalation vulnerability in Fortinet FortiOS 6↗2022-05-13

▶

CVEList

CVE-2017-17544: A privilege escalation vulnerability in Fortinet FortiOS 6↗2019-04-09

▶

📋Vendor Advisories

Fortinet

A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin use...↗2019-04-09

▶