CVE-2015-5735 — Fortinet Forticlient vulnerability

CWE-2643 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 80.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient

Timeline

PublishedSep 3

Latest updateMay 14

Description

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDfortinet/forticlient5.2.3

🔴Vulnerability Details

GHSA

GHSA-gwcv-mrcx-59x5: The (1) mdare64_48↗2022-05-14

▶

CVEList

CVE-2015-5735: The (1) mdare64_48↗2015-09-03

▶