CVE-2015-4077

Published: Sep 3, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.

Affected (1)

Products: Fortinet: Forticlient

Fortinet

1 product

Forticlient

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	Up to 5.2.3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient

Source: cve@mitre.org

http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Sep/0

Source: cve@mitre.org

http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities

Source: cve@mitre.org

Vendor Advisory

http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/536369/100/0/threaded

Source: cve@mitre.org

http://www.securitytracker.com/id/1033439

Source: cve@mitre.org

https://www.exploit-db.com/exploits/45149/

Source: cve@mitre.org

http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient