CVE-2015-5736

Name of the Vulnerable Software and Affected Versions Fortinet FortiClient versions prior to 5.2.4

Description The issue allows local users to execute arbitrary code with kernel privileges. This is achieved by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call, specifically targeting the Fortishield.sys driver.

Recommendations For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Fortishield.sys driver to minimize the risk of exploitation.