ghsa-vhrf-7c9m-v558
Vulnerability from github
Published
2022-05-13 01:43
Modified
2022-05-13 01:43
Severity
6.2 (Medium) - CVSS_V3 - CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2017-14187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-24T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.",
  "id": "GHSA-vhrf-7c9m-v558",
  "modified": "2022-05-13T01:43:20Z",
  "published": "2022-05-13T01:43:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14187"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-17-245"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104312"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040983"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.