CVE-2015-5736 – Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5736
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. Vulnerabilidad en el driver Fortishield.sys en Fortinet FortiClient en versiones anteriores a 5.2.4, permite a usuarios locales ejecutar código arbitrario con privilegios de kernel mediante el establecimiento de la función callback en llamada ioctl en (1) 0x220024 o (2) 0x220028. Fortinet FortiClient version 5.2.3 (Windows 10 x64 Creators) suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/45149 https://www.exploit-db.com/exploits/41722 https://www.exploit-db.com/exploits/41721 http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html http://seclists.org/fulldisclosure/2015/Sep/0 http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://www • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-4077 – Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-4077
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. Los controladores (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys y (4) mdare64_52.sys en Fortinet FortiClient en versiones anteriores a 5.2.4 permiten a usuarios locales leer memoria del kernel arbitraria a través de una llamada ioctl 0x22608C. Fortinet FortiClient version 5.2.3 (Windows 10 x64 Creators) suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/45149 http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html http://seclists.org/fulldisclosure/2015/Sep/0 http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://www.securityfocus.com/archive/1/536369/100/0/threaded http://www.securitytracker.com/id/1033439 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5737
https://notcve.org/view.php?id=CVE-2015-5737
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. Vulnerabilidad en los drivers (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys y (5) Fortishield.sys en Fortinet FortiClient en versiones anteriores a 5.2.4, no restringe adecuadamente el acceso a la API para la gestión de procesos y el registro de Windows, lo que permite a usuarios locales obtener un identificador con privilegios a un PID y posiblemente tener otro impacto no especificado, como se demuestra por una llamada ioctl en 0x2220c8. • http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html http://seclists.org/fulldisclosure/2015/Sep/0 http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://www.securityfocus.com/archive/1/536369/100/0/threaded http://www.securitytracker.com/id/1033439 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-5735
https://notcve.org/view.php?id=CVE-2015-5735
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. Los controladores (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys y (4) mdare64_52.sys en Fortinet FortiClient en versiones anteriores a 5.2.4 permite a usuarios locales escribir a localizaciones de memoria arbitrarias a través de una llamada ioctl 0x226108. • http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html http://seclists.org/fulldisclosure/2015/Sep/0 http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://www.securityfocus.com/archive/1/536369/100/0/threaded http://www.securitytracker.com/id/1033439 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-1453
https://notcve.org/view.php?id=CVE-2015-1453
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. La clase qm en Fortinet FortiClient 5.2.3.091 para Android utiliza una clave de cifrado embebido de FoRtInEt!AnDrOiD, lo que facilita a atacantes obtener contraseñas y posiblemente otros datos sensibles mediante el aprovechamiento de la clave para descifrar datos en las preferencias compartidas 'Shared Preferences'. • http://seclists.org/fulldisclosure/2015/Jan/124 http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf http://www.securityfocus.com/bid/72383 • CWE-310: Cryptographic Issues •