CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-4077 – Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-4077
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. Los controladores (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys y (4) mdare64_52.sys en Fortinet FortiClient en versiones anteriores a 5.2.4 permiten a usuarios locales leer memoria del kernel arbitraria a través de una llamada ioctl 0x22608C. Fortinet FortiClient version 5.2.3 (Windows 10 x64 Creators) suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/45149 http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html http://seclists.org/fulldisclosure/2015/Sep/0 http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient http://www.securityfocus.com/archive/1/536369/100/0/threaded http://www.securitytracker.com/id/1033439 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1453
https://notcve.org/view.php?id=CVE-2015-1453
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. La clase qm en Fortinet FortiClient 5.2.3.091 para Android utiliza una clave de cifrado embebido de FoRtInEt!AnDrOiD, lo que facilita a atacantes obtener contraseñas y posiblemente otros datos sensibles mediante el aprovechamiento de la clave para descifrar datos en las preferencias compartidas 'Shared Preferences'. • http://seclists.org/fulldisclosure/2015/Jan/124 http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf http://www.securityfocus.com/bid/72383 • CWE-310: Cryptographic Issues •