A problem with the antivirus' drivers exposed users' PCs

Sep 4, 2015 13:47 GMT  ·  By

Fortinet has fixed a privilege escalation vulnerability in FortiClient, the antivirus client that ships with its FortiGate firewall and network security products. The bug allowed unprivileged local users to gain SYSTEM-level privileges.

The vulnerability (CORE-2015-0013) was discovered by researchers at Core Security and affects FortiClient versions 5.2.3 and earlier.

According to Fortinet's security team, the vulnerability was reported to the company in June and fixed in version 5.2.4, which was released at the start of September.

The problem lay in four FortiClient kernel drivers ("mdare64_48.sys," "mdare32_48.sys," "mdare32_52.sys," and "mdare64_52.sys"). IOCTL (I/O control) requests are the mechanism by which user-mode code sends commands to a driver, and when these drivers' IOCTL handlers were called with specific parameters, they allowed an unprivileged user to obtain SYSTEM-level privileges. For the flaw to be reachable at all, the drivers' device objects had to be openable from a process running as an ordinary user, which is why the attacker needs nothing more than low-privileged code execution on the machine.
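The article gives a defender the two facts needed for a quick inventory check: the first fixed release (5.2.4) and the names of the four driver files. The following PowerShell script, added here as an example and not code from the article, Core Security, or Fortinet, turns those facts into a check that can be run on a Windows host. It assumes that FortiClient registers itself under the standard Uninstall registry keys with a DisplayName beginning "FortiClient" and that the drivers are registered as Windows system drivers (visible through Win32_SystemDriver); both are assumptions, not details stated in the advisory.

```powershell
# Added inventory check, not code from the article or from Fortinet.
# Reports whether this host still runs a FortiClient build older than 5.2.4
# and whether any of the four driver files named in the advisory are
# registered or currently loaded.
# Assumptions: FortiClient appears under the standard Uninstall keys with a
# DisplayName starting "FortiClient"; the drivers are registered as Windows
# system drivers (Win32_SystemDriver). Both are assumptions for this example.

$FixedVersion  = [version]'5.2.4'                 # first fixed release per Fortinet
$DriverPattern = '^mdare(32|64)_(48|52)\.sys$'    # the four driver files named in the advisory

function Get-FortiClientInstall {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'FortiClient*' -and $_.DisplayVersion } |
        ForEach-Object {
            # DisplayVersion is free text; an unparsable value is reported as
            # unknown ($null) rather than silently treated as safe.
            $parsed = $null
            [void][version]::TryParse($_.DisplayVersion, [ref]$parsed)
            [pscustomobject]@{
                Product    = $_.DisplayName
                Version    = $parsed
                Vulnerable = if ($parsed) { $parsed -lt $FixedVersion } else { $null }
            }
        }
}

function Get-MdareDriver {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and (Split-Path -Path $_.PathName -Leaf) -match $DriverPattern } |
        ForEach-Object {
            # PathName may carry NT-style prefixes such as \??\ or \SystemRoot\; normalise them
            # so the file can be opened for its version resource.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            $fileVersion = $null
            if (Test-Path -LiteralPath $path) {
                $fileVersion = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
            }
            [pscustomobject]@{
                Service     = $_.Name
                File        = $path
                State       = $_.State        # "Running" means the driver is loaded
                FileVersion = $fileVersion
            }
        }
}

$installs = @(Get-FortiClientInstall)
$drivers  = @(Get-MdareDriver)

if (-not $installs -and -not $drivers) {
    Write-Output 'FortiClient not found on this host.'
    exit 0
}

$installs | Format-Table -AutoSize
$drivers  | Format-Table -AutoSize

# Flag any install below the fixed version, any install whose version could not be
# parsed, and the case where the drivers are present but no install record was found.
$bad = @($installs | Where-Object { $_.Vulnerable -ne $false })
if ($bad.Count -gt 0 -or (-not $installs -and $drivers)) {
    Write-Warning "FortiClient older than $FixedVersion (or of unknown version) found; upgrade to 5.2.4 or later."
    exit 1
}
Write-Output "FortiClient $($installs[0].Version) is at or above $FixedVersion."
exit 0
```

This is an inventory check only: it does not probe the IOCTL handlers, and the State column only says whether the kernel module is loaded, not whether its device object can be opened by an unprivileged process. The remediation the article reports is upgrading to 5.2.4 or later; the non-zero exit code makes the script usable from a configuration-management or scheduled-task job that sweeps a fleet.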

This allowed an attacker who had already obtained code execution as an ordinary user on a Windows machine, by whatever means, to use the FortiClient vulnerability to grant themselves SYSTEM-level privileges.

With those privileges, they would have been able to install further malware, extract private data and send it to a C&C server, add the workstation to a botnet, encrypt files, attack other machines on the same network, install or uninstall local applications, or do anything else they desired.

Fortinet, and especially the FortiGate family of security products, is well known in the enterprise market; a recent community survey ranked Fortinet FortiGate as the favorite enterprise firewall among industry professionals.