cvelistv5 - cve-2017-14187

CVE-2017-14187 (GCVE-0-2017-14187)

Vulnerability from cvelistv5 – Published: 2018-05-24 20:00 – Updated: 2024-10-25 14:31

Summary

Severity ?

No CVSS data available.

CWE

Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

	http://www.securitytracker.com/id/1040983	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/104312	vdb-entryx_refsource_BID
	https://fortiguard.com/advisory/FG-IR-17-245	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet, Inc.	FortiOS	Affected: 5.6.0 to 5.6.2 Affected: 5.4.0 to 5.4.8 Affected: 5.2 and below versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:20:41.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040983",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040983"
          },
          {
            "name": "104312",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104312"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-17-245"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-14187",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:04:02.367280Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:31:57.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiOS",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.6.0 to 5.6.2"
            },
            {
              "status": "affected",
              "version": "5.4.0 to 5.4.8"
            },
            {
              "status": "affected",
              "version": "5.2 and below versions"
            }
          ]
        }
      ],
      "datePublic": "2018-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-31T09:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "1040983",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040983"
        },
        {
          "name": "104312",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104312"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-17-245"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "DATE_PUBLIC": "2018-05-18T00:00:00",
          "ID": "CVE-2017-14187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.6.0 to 5.6.2"
                          },
                          {
                            "version_value": "5.4.0 to 5.4.8"
                          },
                          {
                            "version_value": "5.2 and below versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040983",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040983"
            },
            {
              "name": "104312",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104312"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-245",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-17-245"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2017-14187",
    "datePublished": "2018-05-24T20:00:00Z",
    "dateReserved": "2017-09-07T00:00:00",
    "dateUpdated": "2024-10-25T14:31:57.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.0\", \"matchCriteriaId\": \"3085A41F-2305-46D3-AE10-6D256B6E1F95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4.0\", \"versionEndIncluding\": \"5.4.8\", \"matchCriteriaId\": \"DCDB1D22-D470-4AA4-AFB9-1A3D28E69C2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.6.0\", \"versionEndIncluding\": \"5.6.2\", \"matchCriteriaId\": \"C44E69B8-A1E8-437B-ADA3-10DE256B3368\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de escalado de privilegios local y ejecuci\\u00f3n de c\\u00f3digo local en Fortinet FortiOS, de la versi\\u00f3n 5.6.0 hasta la 5.6.2, de la versi\\u00f3n 5.4.0 hasta la 5.4.8 y en versiones 5.2 y anteriores, permite que un atacante ejecute un programa binario no autorizado en una memoria USB conectada en un FortiGate enlazando dicho programa binario con un comando que puede ser ejecutado por el comando fnsysctl de la interfaz de l\\u00ednea de comandos.\"}]",
      "id": "CVE-2017-14187",
      "lastModified": "2024-11-21T03:12:19.473",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.3, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-05-24T20:29:00.210",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104312\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040983\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-245\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104312\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040983\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-14187\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2018-05-24T20:29:00.210\",\"lastModified\":\"2024-11-21T03:12:19.473\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de escalado de privilegios local y ejecuci\u00f3n de c\u00f3digo local en Fortinet FortiOS, de la versi\u00f3n 5.6.0 hasta la 5.6.2, de la versi\u00f3n 5.4.0 hasta la 5.4.8 y en versiones 5.2 y anteriores, permite que un atacante ejecute un programa binario no autorizado en una memoria USB conectada en un FortiGate enlazando dicho programa binario con un comando que puede ser ejecutado por el comando fnsysctl de la interfaz de l\u00ednea de comandos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.3,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.0\",\"matchCriteriaId\":\"3085A41F-2305-46D3-AE10-6D256B6E1F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndIncluding\":\"5.4.8\",\"matchCriteriaId\":\"DCDB1D22-D470-4AA4-AFB9-1A3D28E69C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6.0\",\"versionEndIncluding\":\"5.6.2\",\"matchCriteriaId\":\"C44E69B8-A1E8-437B-ADA3-10DE256B3368\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104312\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040983\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-245\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040983\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securitytracker.com/id/1040983\", \"name\": \"1040983\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/104312\", \"name\": \"104312\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-245\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T19:20:41.165Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-14187\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:04:02.367280Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:18:13.781Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet, Inc.\", \"product\": \"FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.6.0 to 5.6.2\"}, {\"status\": \"affected\", \"version\": \"5.4.0 to 5.4.8\"}, {\"status\": \"affected\", \"version\": \"5.2 and below versions\"}]}], \"datePublic\": \"2018-05-18T00:00:00\", \"references\": [{\"url\": \"http://www.securitytracker.com/id/1040983\", \"name\": \"1040983\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.securityfocus.com/bid/104312\", \"name\": \"104312\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-245\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2018-05-31T09:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"5.6.0 to 5.6.2\"}, {\"version_value\": \"5.4.0 to 5.4.8\"}, {\"version_value\": \"5.2 and below versions\"}]}, \"product_name\": \"FortiOS\"}]}, \"vendor_name\": \"Fortinet, Inc.\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securitytracker.com/id/1040983\", \"name\": \"1040983\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.securityfocus.com/bid/104312\", \"name\": \"104312\", \"refsource\": \"BID\"}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-245\", \"name\": \"https://fortiguard.com/advisory/FG-IR-17-245\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Execute unauthorized code or commands\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-14187\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\", \"DATE_PUBLIC\": \"2018-05-18T00:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-14187\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:31:57.582Z\", \"dateReserved\": \"2017-09-07T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2018-05-24T20:00:00Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2018-AVI-246

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Fortinet FortiOS. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 5.2 et antérieures
Fortinet	FortiOS	FortiOS versions 5.6.0 à 5.6.2
Fortinet	FortiOS	FortiOS versions 5.4.0 à 5.4.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-17-231 du 18 mai 2018	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-17-245 du 18 mai 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 5.2 et ant\u00e9rieures",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 5.6.0 \u00e0 5.6.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 5.4.0 \u00e0 5.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-14187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14187"
    },
    {
      "name": "CVE-2017-14185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14185"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-246",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Fortinet FortiOS.\nElles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-231 du 18 mai 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-17-231"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-245 du 18 mai 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-17-245"
    }
  ]
}

CERTFR-2018-AVI-246

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 5.2 et antérieures
Fortinet	FortiOS	FortiOS versions 5.6.0 à 5.6.2
Fortinet	FortiOS	FortiOS versions 5.4.0 à 5.4.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-17-231 du 18 mai 2018	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-17-245 du 18 mai 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 5.2 et ant\u00e9rieures",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 5.6.0 \u00e0 5.6.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 5.4.0 \u00e0 5.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-14187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14187"
    },
    {
      "name": "CVE-2017-14185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14185"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-246",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Fortinet FortiOS.\nElles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-231 du 18 mai 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-17-231"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-245 du 18 mai 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-17-245"
    }
  ]
}

CNVD-2018-10482

Vulnerability from cnvd - Published: 2018-05-29

Title

Fortinet FortiOS本地权限提升漏洞（CNVD-2018-10482）

Description

Fortinet FortiOS是美国飞塔（Fortinet）公司开发的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSL VPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS中存在安全漏洞。本地攻击者可利用该漏洞提升权限，并执行任意的二进制程序。

Severity

中

Patch Name

Fortinet FortiOS本地权限提升漏洞（CNVD-2018-10482）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://fortiguard.com/psirt/FG-IR-17-245

Reference

https://fortiguard.com/psirt/FG-IR-17-245

Impacted products

Name
['Fortinet FortiOS >=5.6.0，<=5.6.2', 'Fortinet FortiOS <=5.2', 'Fortinet FortiOS >=5.4.0，<=5.4.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14187"
    }
  },
  "description": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSL VPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\r\n\r\nFortinet FortiOS\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u5e76\u6267\u884c\u4efb\u610f\u7684\u4e8c\u8fdb\u5236\u7a0b\u5e8f\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-17-245",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10482",
  "openTime": "2018-05-29",
  "patchDescription": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSL VPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\r\n\r\nFortinet FortiOS\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u5e76\u6267\u884c\u4efb\u610f\u7684\u4e8c\u8fdb\u5236\u7a0b\u5e8f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiOS\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-10482\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiOS \u003e=5.6.0\uff0c\u003c=5.6.2",
      "Fortinet FortiOS \u003c=5.2",
      "Fortinet FortiOS \u003e=5.4.0\uff0c\u003c=5.4.8"
    ]
  },
  "referenceLink": "https://fortiguard.com/psirt/FG-IR-17-245",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-25",
  "title": "Fortinet FortiOS\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-10482\uff09"
}

GSD-2017-14187

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-14187

Aliases

CVE-2017-14187

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-14187",
    "description": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.",
    "id": "GSD-2017-14187"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-14187"
      ],
      "details": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.",
      "id": "GSD-2017-14187",
      "modified": "2023-12-13T01:21:13.037205Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "DATE_PUBLIC": "2018-05-18T00:00:00",
        "ID": "CVE-2017-14187",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "5.6.0 to 5.6.2"
                        },
                        {
                          "version_value": "5.4.0 to 5.4.8"
                        },
                        {
                          "version_value": "5.2 and below versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1040983",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040983"
          },
          {
            "name": "104312",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104312"
          },
          {
            "name": "https://fortiguard.com/advisory/FG-IR-17-245",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-17-245"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.2",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.8",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2017-14187"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-245",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-245"
            },
            {
              "name": "1040983",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040983"
            },
            {
              "name": "104312",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104312"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.3,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-05-24T20:29Z"
    }
  }
}

FKIE_CVE-2017-14187

Vulnerability from fkie_nvd - Published: 2018-05-24 20:29 - Updated: 2024-11-21 03:12

Severity ?

6.2 (Medium) - CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@fortinet.com	http://www.securityfocus.com/bid/104312	Third Party Advisory, VDB Entry
psirt@fortinet.com	http://www.securitytracker.com/id/1040983	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-17-245	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104312	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040983	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-17-245	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortios	*
fortinet	fortios	*
fortinet	fortios	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3085A41F-2305-46D3-AE10-6D256B6E1F95",
              "versionEndIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCDB1D22-D470-4AA4-AFB9-1A3D28E69C2A",
              "versionEndIncluding": "5.4.8",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C44E69B8-A1E8-437B-ADA3-10DE256B3368",
              "versionEndIncluding": "5.6.2",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de escalado de privilegios local y ejecuci\u00f3n de c\u00f3digo local en Fortinet FortiOS, de la versi\u00f3n 5.6.0 hasta la 5.6.2, de la versi\u00f3n 5.4.0 hasta la 5.4.8 y en versiones 5.2 y anteriores, permite que un atacante ejecute un programa binario no autorizado en una memoria USB conectada en un FortiGate enlazando dicho programa binario con un comando que puede ser ejecutado por el comando fnsysctl de la interfaz de l\u00ednea de comandos."
    }
  ],
  "id": "CVE-2017-14187",
  "lastModified": "2024-11-21T03:12:19.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-24T20:29:00.210",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104312"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040983"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-245"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VHRF-7C9M-V558

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43

Details

Severity ?

6.2 (Medium)


                  
                    CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-14187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-24T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.",
  "id": "GHSA-vhrf-7c9m-v558",
  "modified": "2022-05-13T01:43:20Z",
  "published": "2022-05-13T01:43:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14187"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-17-245"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104312"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040983"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201805-0118

Vulnerability from variot - Updated: 2023-12-18 12:56

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. Fortinet FortiOS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. The following versions are vulnerable: FortiOS 5.6.0 through 5.6.2 FortiOS 5.4.0 through 5.4.8 FortiOS 5.2 through below. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0118",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.2"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.8"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.4.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.0 to  5.4.8"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.6.0 to  5.6.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.8"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.13"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.7.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.19"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.17"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.15"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.9"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2.13"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2.12"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.11"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.10"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.50"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.36"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.18"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.14"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.13"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.12"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.3"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.2",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.8",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14187"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shaanan Cohney of University of Pennsylvania",
    "sources": [
      {
        "db": "BID",
        "id": "104312"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-14187",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-14187",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-104884",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.3,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14187",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14187",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-356",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-104884",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. Fortinet FortiOS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a local privilege-escalation vulnerability. \nLocal attackers may exploit this issue to gain elevated privileges. \nThe following versions are vulnerable:\nFortiOS 5.6.0 through 5.6.2\nFortiOS 5.4.0 through  5.4.8\nFortiOS 5.2 through below. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14187"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "db": "BID",
        "id": "104312"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104884"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14187",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "104312",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1040983",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-104884",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104884"
      },
      {
        "db": "BID",
        "id": "104312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ]
  },
  "id": "VAR-201805-0118",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104884"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:56:59.632000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-17-245",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-17-245"
      },
      {
        "title": "Fortinet FortiOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100032"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14187"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/104312"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-17-245"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1040983"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14187"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14187"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-17-245"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104884"
      },
      {
        "db": "BID",
        "id": "104312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-104884"
      },
      {
        "db": "BID",
        "id": "104312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104884"
      },
      {
        "date": "2018-05-18T00:00:00",
        "db": "BID",
        "id": "104312"
      },
      {
        "date": "2018-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "date": "2018-05-24T20:29:00.210000",
        "db": "NVD",
        "id": "CVE-2017-14187"
      },
      {
        "date": "2017-09-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104884"
      },
      {
        "date": "2018-05-18T00:00:00",
        "db": "BID",
        "id": "104312"
      },
      {
        "date": "2018-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-14187"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "104312"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiOS Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013464"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-356"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-14187 (GCVE-0-2017-14187)

CERTFR-2018-AVI-246

Solution

CERTFR-2018-AVI-246

Solution

CNVD-2018-10482

GSD-2017-14187

FKIE_CVE-2017-14187

GHSA-VHRF-7C9M-V558

VAR-201805-0118

Tags

Sightings

Nomenclature