CVE-2015-5737

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
fortinetforticlient
𝑥
≤ 5.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient
http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html
http://seclists.org/fulldisclosure/2015/Sep/0
http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities
http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient
http://www.securityfocus.com/archive/1/536369/100/0/threaded
http://www.securitytracker.com/id/1033439
http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient
http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html
http://seclists.org/fulldisclosure/2015/Sep/0
http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities
http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient
http://www.securityfocus.com/archive/1/536369/100/0/threaded
http://www.securitytracker.com/id/1033439