CVE-2015-5736

Currently unrated

Key Information:

Vendor: Fortinet
Status: Forticlient
Vendor: CVE Published:; 3 September 2015

Summary

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.

References

http://www.coresecurity.com/advisories/forticlient-antivi...

x_refsource_MISC

https://www.exploit-db.com/exploits/41722/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/133398/FortiClient-A...

x_refsource_MISC

Timeline

Vulnerability published
Sep 3, 2015
Vulnerability Reserved
Aug 4, 2015