Memory Write Vulnerability in Fortinet FortiClient Drivers
CVE-2015-5735

Currently unrated

Key Information:

Vendor: Fortinet
Status: Forticlient
Vendor: CVE Published:; 3 September 2015

Summary

The Fortinet FortiClient software has a vulnerability within its drivers, specifically mdare64_48.sys, mdare32_48.sys, mdare32_52.sys, and mdare64_52.sys, that allows local users to gain unauthorized access to system memory. By executing a specific ioctl call (0x226108), an attacker can write data to arbitrary memory locations, potentially leading to further system compromise or escalation of privileges. It is crucial for users and administrators of FortiClient to ensure they are running versions 5.2.4 or later to mitigate this risk.

References

http://www.coresecurity.com/advisories/forticlient-antivi...

x_refsource_MISC

http://packetstormsecurity.com/files/133398/FortiClient-A...

x_refsource_MISC

http://www.securitytracker.com/id/1033439

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Sep 3, 2015
Vulnerability Reserved
Aug 4, 2015