Информационная безопасность
[RU] switch to English


CVECVE-2015-5737
СтатусCandidate
ОписаниеThe (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.
Важность
High
CVSS score7,2
CVSS vector(AV:L/AC:L/Au:N/C:C/I:C/A:C)
PhaseAssigned (04.08.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5737
ReferencesSECTRACK : 1033439
 MISC : http://www.coresecurity.com/advisories/forticlient...
 CONFIRM : http://www.fortiguard.com/advisory/mulitple-vulner...
SecurityVulns:Многочисленные уязвимости безопасности в Fortinet FortiClient
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород