CVE-2015-5737

Name of the Vulnerable Software and Affected Versions FortiClient versions prior to 5.2.4

Description The issue concerns the mdare64 48.sys, mdare32 48.sys, mdare32 52.sys, mdare64 52.sys, and Fortishield.sys drivers in FortiClient. These drivers do not properly restrict access to the API for management of processes and the Windows registry. This allows local users to obtain a privileged handle to a PID, which may have unspecified other impacts. An example of exploitation is a 0x2220c8 ioctl call.

Recommendations For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the management API to minimize the risk of exploitation.