{"api_version":"1","generated_at":"2026-05-08T03:19:47+00:00","cve":"CVE-2017-14187","urls":{"html":"https://cve.report/CVE-2017-14187","api":"https://cve.report/api/cve/CVE-2017-14187.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-14187","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-14187"},"summary":{"title":"CVE-2017-14187","description":"A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2018-05-24 20:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-269"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/104312","name":"104312","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Fortinet FortiOS CVE-2017-14187 Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://fortiguard.com/advisory/FG-IR-17-245","name":"https://fortiguard.com/advisory/FG-IR-17-245","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"FortiOS local privilege escalation via malicious use of USB storage devices | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1040983","name":"1040983","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Fortinet FortiOS fnsysctl Command Lets Local Administrative Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-14187","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14187","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"14187","vulnerable":"1","versionEndIncluding":"5.2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14187","vulnerable":"1","versionEndIncluding":"5.4.8","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14187","vulnerable":"1","versionEndIncluding":"5.6.2","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortios","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@fortinet.com","DATE_PUBLIC":"2018-05-18T00:00:00","ID":"CVE-2017-14187","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"FortiOS","version":{"version_data":[{"version_value":"5.6.0 to 5.6.2"},{"version_value":"5.4.0 to 5.4.8"},{"version_value":"5.2 and below versions"}]}}]},"vendor_name":"Fortinet, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Execute unauthorized code or commands"}]}]},"references":{"reference_data":[{"name":"1040983","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040983"},{"name":"104312","refsource":"BID","url":"http://www.securityfocus.com/bid/104312"},{"name":"https://fortiguard.com/advisory/FG-IR-17-245","refsource":"CONFIRM","url":"https://fortiguard.com/advisory/FG-IR-17-245"}]}},"nvd":{"publishedDate":"2018-05-24 20:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-269"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.2,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.3,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionEndIncluding":"5.2.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndIncluding":"5.4.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"14187","Ordinal":"111615","Title":"CVE-2017-14187","CVE":"CVE-2017-14187","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"14187","Ordinal":"1","NoteData":"A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"14187","Ordinal":"2","NoteData":"2018-05-24","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"14187","Ordinal":"3","NoteData":"2018-05-31","Type":"Other","Title":"Modified"}]}}}