Kernel Code Execution Vulnerability in FortiClient by Fortinet
CVE-2015-5736

Currently unrated

Key Information:

Vendor: Fortinet
Status: Forticlient
Vendor: CVE Published:; 3 September 2015

Summary

The Fortishield.sys driver in Fortinet's FortiClient prior to version 5.2.4 contains vulnerabilities that allow local users to execute arbitrary code with kernel privileges. This is achieved by manipulating the callback function via specific ioctl calls, namely 0x220024 and 0x220028. Unauthorized access to kernel-level operations can lead to significant security risks and system compromise if exploited.

References

http://www.coresecurity.com/advisories/forticlient-antivi...

x_refsource_MISC

https://www.exploit-db.com/exploits/41722/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/133398/FortiClient-A...

x_refsource_MISC

Timeline

Vulnerability published
Sep 3, 2015
Vulnerability Reserved
Aug 4, 2015