Kernel Code Execution Vulnerability in FortiClient by Fortinet
CVE-2015-5736
Currently unrated
Key Information:
- Vendor
Fortinet
- Status
- Vendor
- CVE Published:
- 3 September 2015
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2015-5736?
The Fortishield.sys driver in Fortinet's FortiClient prior to version 5.2.4 contains vulnerabilities that allow local users to execute arbitrary code with kernel privileges. This is achieved by manipulating the callback function via specific ioctl calls, namely 0x220024 and 0x220028. Unauthorized access to kernel-level operations can lead to significant security risks and system compromise if exploited.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.