Description
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.
References (7)
Core References
Various Sources x_refsource_misc
http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033439
Vendor Advisory x_refsource_confirm
http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536369/100/0/threaded
Vendor Advisory x_refsource_confirm
http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Sep/0
Scores
EPSS: 0.0006
EPSS Percentile: 19.1%
Details
CWE: CWE-264
Status: published
Products (1): fortinet/forticlient < 5.2.3
Published: Sep 03, 2015
Tracked Since: Feb 18, 2026