FortiClient Antivirus Fixes System-Level Privilege Escalation Bug


Exterminator (Community Manager, Thread author)
A problem with the antivirus' drivers exposed users' PCs
FortiClient, an antivirus client that comes with Fortinet's FortiGate firewall and network security solution, has fixed a privilege escalation bug that allowed unprivileged users to gain system-level privileges.

The vulnerability (CORE-2015-0013) was discovered by researchers at Core Security and affected all FortiClient versions 5.2.3 and lower.

According to Fortinet's security team, the vulnerability was properly disclosed in June and fixed with version 5.2.4, which was launched at the start of September.

The problem lay in four FortiClient drivers ("mdare64_48.sys," "mdare32_48.sys," "mdare32_52.sys," and "mdare64_52.sys") which, when handling IOCTL (Input-Output Control) system calls with specific parameters, would allow an unprivileged user to gain system-level privileges.

This allowed an attacker who had already compromised the system by some other means to use this FortiClient vulnerability to grant themselves system-level privileges on a Windows machine.

This means they would have been able to infect the system with malware, extract private data and send it to a C&C server, add the workstation to a botnet, or anything they would have desired.
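For administrators who need to find unpatched endpoints, the useful facts in this post are the fix version (5.2.4) and the four driver file names. The script below is an added, defender-side example and is not code from the article, Core Security or Fortinet; it triages a constructed fleet inventory (the record layout with `host`, `forticlient_version` and `drivers` keys is an assumption made here, not a FortiClient export format) and, in passing, shows why version strings must be compared numerically rather than as text.

```python
"""Added example (not from the article, Core Security or Fortinet): triage a
FortiClient inventory against the facts stated in the post.

Facts taken from the post: versions 5.2.3 and lower are affected, 5.2.4 fixes
the bug, and the flaw sits in four mdare*.sys drivers.
Assumption: inventory records are dicts with the keys 'host',
'forticlient_version' (may be missing) and 'drivers' (list of file names).
"""
import re
from typing import Dict, List, Optional, Tuple

# From the article: the bug is fixed in FortiClient 5.2.4.
FIXED_VERSION: Tuple[int, ...] = (5, 2, 4)

# Driver names quoted in the article.
VULNERABLE_DRIVERS = {
    "mdare64_48.sys", "mdare32_48.sys", "mdare32_52.sys", "mdare64_52.sys",
}


def parse_version(text: Optional[str]) -> Optional[Tuple[int, ...]]:
    """Convert '5.2.3' (or '5.2.4 build 0123') into a tuple of ints.

    Numeric tuples compare correctly; plain string comparison would rank
    '5.2.10' below '5.2.4' because '1' < '4'. Returns None when no digits
    are present so callers can treat the version as unknown.
    """
    if not text:
        return None
    numbers = re.findall(r"\d+", text)
    return tuple(int(n) for n in numbers) if numbers else None


def is_vulnerable(version: Optional[str]) -> Optional[bool]:
    """True for 5.2.3 and lower, False for 5.2.4 and higher, None if unknown."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < FIXED_VERSION


def triage(inventory: List[Dict]) -> Dict[str, List[str]]:
    """Sort hosts into 'patch', 'investigate' and 'ok' buckets.

    patch:       FortiClient version is known and 5.2.3 or lower.
    investigate: version unknown but one of the affected driver names is
                 present on disk, so FortiClient is likely installed.
    ok:          version is 5.2.4 or higher, or no sign of FortiClient.
    """
    buckets: Dict[str, List[str]] = {"patch": [], "investigate": [], "ok": []}
    for record in inventory:
        host = record["host"]
        verdict = is_vulnerable(record.get("forticlient_version"))
        drivers = {d.lower() for d in record.get("drivers", [])}
        if verdict is True:
            buckets["patch"].append(host)
        elif verdict is None and drivers & VULNERABLE_DRIVERS:
            buckets["investigate"].append(host)
        else:
            buckets["ok"].append(host)
    return buckets


# Constructed sample inventory (hostnames and versions invented for the demo).
SAMPLE_INVENTORY = [
    {"host": "ws-01", "forticlient_version": "5.2.3",
     "drivers": ["mdare64_48.sys"]},
    {"host": "ws-02", "forticlient_version": "5.2.4 build 0001",
     "drivers": ["mdare64_52.sys"]},
    {"host": "ws-03", "forticlient_version": "5.2.10", "drivers": []},
    {"host": "ws-04", "drivers": ["MDARE32_52.SYS"]},          # version unknown
    {"host": "ws-05", "forticlient_version": "", "drivers": []},  # no FortiClient
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:12s} {', '.join(hosts) or '-'}")
```

The `5.2.10` record is the one to watch: a lexical comparison would wrongly list it for patching, while the numeric tuple comparison correctly treats it as newer than 5.2.4. Hosts with an affected driver on disk but no readable version are flagged for a manual look rather than silently marked clean.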

Fortinet, and especially its FortiGate family of security products, is well known in the enterprise market; a recent study found Fortinet FortiGate to be the favorite enterprise firewall among industry professionals.
