Kernel Code Execution Vulnerability in FortiClient by Fortinet
CVE-2015-5736

Currently unrated

Key Information:

Vendor: Fortinet

CVE Published: 3 September 2015

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2015-5736?

The Fortishield.sys driver in Fortinet's FortiClient prior to version 5.2.4 allows local users to execute arbitrary code with kernel privileges. This is achieved by setting the driver's callback function through either of two ioctl calls, 0x220024 and 0x220028. Code that runs with kernel privileges has full control of the operating system, so successful exploitation results in complete compromise of the affected host.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
