Kernel Code Execution Vulnerability in FortiClient by Fortinet
CVE-2015-5736

Currently unrated

Key Information:

Vendor: Fortinet
Status: Forticlient
Vendor: CVE Published:; 3 September 2015

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2015-5736?

The Fortishield.sys driver in Fortinet's FortiClient prior to version 5.2.4 contains vulnerabilities that allow local users to execute arbitrary code with kernel privileges. This is achieved by manipulating the callback function via specific ioctl calls, namely 0x220024 and 0x220028. Unauthorized access to kernel-level operations can lead to significant security risks and system compromise if exploited.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-5736
Created by avielzecharia

References

http://www.coresecurity.com/advisories/forticlient-antivi...

x_refsource_MISC

https://www.exploit-db.com/exploits/41722/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/133398/FortiClient-A...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 6, 2025
👾
Exploit known to exist
Sep 6, 2025
Vulnerability published
Sep 3, 2015
Vulnerability Reserved
Aug 4, 2015

JSON