Описание
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.2 Medium
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
Уязвимость операционной системы FortiOS, вызванная ошибками управления доступом, позволяющая нарушителю выполнить произвольный код
EPSS
6.2 Medium
CVSS3
7.2 High
CVSS2