CVE-2015-5736 PoC — Fortinet FortiClient 权限许可和访问控制漏洞

Source

https://github.com/avielzecharia/CVE-2015-5736

Associated Vulnerability

Title:Fortinet FortiClient 权限许可和访问控制漏洞 (CVE-2015-5736)
Description:Fortinet FortiClient是美国飞塔（Fortinet）公司的一套移动终端安全解决方案。该方案与FortiGate防火墙设备连接时可提供IPsec和SSL加密、广域网优化、终端合规和双因子认证等功能。 Fortinet FortiClient 5.2.3及之前版本的Fortishield.sys驱动程序中存在安全漏洞。本地攻击者可通过在0x220024或0x220028 ioctl调用中设置回调函数利用该漏洞以内核权限执行任意代码。

Description

PoC for CVE-2015-5736

Readme

# CVE-2015-5736
PoC for CVE-2015-5736 for educational purposes only.

File Snapshot


 [4.0K]  /data/pocs/b925a6a9720182ebf9355d19a3c8c824c4d0f9c6
├── [4.0K]  binaries
│   ├── [ 57K]  FortiShield.sys
│   ├── [1.5M]  FortiShield.sys.i64
│   ├── [553K]  hal.dll
│   └── [9.2M]  ntoskrnl.exe
├── [  69]  README.md
├── [4.0K]  rp-win
│   ├── [ 35K]  Forti_va0_3.txt
│   ├── [339K]  hal_va0_3.txt
│   ├── [4.9M]  ntos3.txt
│   ├── [4.6M]  ntos3_va0.txt
│   ├── [ 25M]  ntos4_va0.txt
│   ├── [3.2M]  rp-win.exe
│   └── [ 22M]  rp-win.pdb
└── [4.0K]  src
    ├── [ 12K]  Common1.cpp
    ├── [ 11K]  Common1.h
    ├── [ 13K]  Common.c
    ├── [ 11K]  Common.h
    └── [9.3K]  CVE-2015-5736.cpp

3 directories, 17 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!