Fortinet addresses four vulnerabilities in FortiClient

FortiClient drivers expose IOCTL, which could allow an unprivileged user to gain system-level privileges.
FortiClient drivers expose IOCTL, which could allow an unprivileged user to gain system-level privileges.

Fortinet has released a firmware update for its endpoint security solution FortiClient that addresses four vulnerabilities.

According to an advisory published by Fortinet on Tuesday, FortiClient drivers expose IOCTL, which could allow an unprivileged user to gain system-level privileges. Windows users should upgrade to FortiClient v5.2.4 to address the vulnerabilities.

Fortinet thanked Enrique Nissim and Joaquín Rodríguez Varela, of Core Security, for responsibly disclosing the issue.

In a Tuesday email correspondence, Nissim told SCMagazine.com that the four vulnerabilities are locally exploitable, which means prior access to the vulnerable system is required.

“By exploiting any of these vulnerabilities, an attacker who already possesses control of a low privileged user account can now achieve SYSTEM privileges on the host,” Nissim said, noting that the bugs cannot be exploited remotely.

Upon gaining system privileges on the Windows host, an attacker could do anything they want, Nissim said, explaining they could steal all the information stored by the host, or install malware and convert the machine into a zombie.

Core Security provided a technical analysis of the vulnerabilities – CVE-2015-4077, CVE-2105-5735, CVE-2015-5736, and CVE-2015-5737 – in a Tuesday advisory. They wrote that the bugs fall under different classes, including information exposure, write-what-where condition, exposed dangerous method or function, and exposed IOCTL with insufficient access control.

Core Security notified Fortinet of the vulnerabilities on June 25. The two organizations worked collaboratively to replicate the issue and confirm the bugs were addressed before the firmware update was released and the respective advisories were published.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS