Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-5736 — Fortinet Forticlient vulnerability

CWE-2646 documents4 sources

Severity

7.2HIGHNVD

EPSS

2.5%

top 14.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Fortinet Forticlient

Timeline

PublishedSep 3

Latest updateMay 14

Description

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDfortinet/forticlient5.2.3

🔴Vulnerability Details

GHSA

GHSA-v2jx-hxfp-h5qq: The Fortishield↗2022-05-14

▶

CVEList

CVE-2015-5736: The Fortishield↗2015-09-03

▶

💥Exploits & PoCs

Exploit-DB

Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation↗2018-08-05

▶

Exploit-DB

Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation↗2017-03-25

▶

Exploit-DB

Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation↗2017-03-25

▶