cnvd - cnvd-2015-05797

CNVD-2015-05797

Vulnerability from cnvd - Published: 2015-09-07

Title

Fortinet FortiClient提权漏洞

Description

Fortinet FortiClient是美国飞塔（Fortinet）公司一套终端安全解决方案，为终端用户提供防病毒、加密等服务。 Fortinet FortiClient 5.2.4之前的版本存在提权漏洞,允许本地用户通过0x2220c8 ioctl调用管理过程和Windows注册表API获取权限提升。

Severity

高

Formal description

目前没有详细的解决方案，请到厂商的主页下载： http://www.fortinet.com

Reference

http://www.securitytracker.com/id/1033439

Impacted products

Name
Fortinet FortiClient < 5.2.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5737"
    }
  },
  "description": "Fortinet FortiClient\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u4e00\u5957\u7ec8\u7aef\u5b89\u5168\u89e3\u51b3\u65b9\u6848\uff0c\u4e3a\u7ec8\u7aef\u7528\u6237\u63d0\u4f9b\u9632\u75c5\u6bd2\u3001\u52a0\u5bc6\u7b49\u670d\u52a1\u3002\r\n\r\nFortinet FortiClient 5.2.4\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e,\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc70x2220c8 ioctl\u8c03\u7528\u7ba1\u7406\u8fc7\u7a0b\u548cWindows\u6ce8\u518c\u8868API\u83b7\u53d6\u6743\u9650\u63d0\u5347\u3002",
  "discovererName": "Enrique Nissim",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.fortinet.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05797",
  "openTime": "2015-09-07",
  "products": {
    "product": "Fortinet FortiClient \u003c 5.2.4"
  },
  "referenceLink": "http://www.securitytracker.com/id/1033439",
  "serverity": "\u9ad8",
  "submitTime": "2015-09-06",
  "title": "Fortinet FortiClient\u63d0\u6743\u6f0f\u6d1e"
}

CVE-2015-5737 (GCVE-0-2015-5737)

Vulnerability from cvelistv5 – Published: 2015-09-03 14:00 – Updated: 2024-08-06 06:59

Summary

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.coresecurity.com/advisories/forticlien…	x_refsource_MISC
	http://packetstormsecurity.com/files/133398/Forti…	x_refsource_MISC
	http://www.securitytracker.com/id/1033439	vdb-entryx_refsource_SECTRACK
	http://www.fortiguard.com/advisory/mulitple-vulne…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/536369/100…	mailing-listx_refsource_BUGTRAQ
	http://fortiguard.com/advisory/mulitple-vulnerabi…	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2015/Sep/0	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:04.177Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html"
          },
          {
            "name": "1033439",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033439"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
          },
          {
            "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/536369/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
          },
          {
            "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Sep/0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html"
        },
        {
          "name": "1033439",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033439"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
        },
        {
          "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/536369/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
        },
        {
          "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Sep/0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities"
            },
            {
              "name": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html"
            },
            {
              "name": "1033439",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033439"
            },
            {
              "name": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
            },
            {
              "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/536369/100/0/threaded"
            },
            {
              "name": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
            },
            {
              "name": "20150901 [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Sep/0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5737",
    "datePublished": "2015-09-03T14:00:00",
    "dateReserved": "2015-08-04T00:00:00",
    "dateUpdated": "2024-08-06T06:59:04.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-05797

CVE-2015-5737 (GCVE-0-2015-5737)

Tags

Sightings

Nomenclature