CVE-2017-14187

MEDIUM

Fortinet FortiOS <5.6.3 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14187. PoCs published by 0xSIGILL.

AI-analyzed exploit summary This PoC exploits CVE-2017-14187, a local privilege escalation vulnerability in FortiOS, by leveraging LD_PRELOAD injection via the fnsysctl command to execute arbitrary code and spawn a root shell. The exploit requires physical access to a USB drive and system_admin credentials.

Description

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.

Exploits (1)

nomisec WORKING POC 1 stars

by 0xSIGILL · poc

https://github.com/0xSIGILL/CVE-2017-14187_PoC_ARMv7

View Code ZIP pw:eip

This PoC exploits CVE-2017-14187, a local privilege escalation vulnerability in FortiOS, by leveraging LD_PRELOAD injection via the fnsysctl command to execute arbitrary code and spawn a root shell. The exploit requires physical access to a USB drive and system_admin credentials.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and below 5.2

Auth required

Prerequisites: Physical access to USB drive · System_admin credentials · Vulnerable FortiOS version

MITRE ATT&CK

T1574.006 - Dynamic Linker Hijacking T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040983

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104312

Mitigation, Vendor Advisory x_refsource_confirm

https://fortiguard.com/advisory/FG-IR-17-245

Scores

CVSS v3 6.2

EPSS 0.0046

EPSS Percentile 36.5%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

fortinet/fortios < 5.2.0

Published May 24, 2018

Tracked Since Feb 18, 2026