Fortinet FortiClient Host Security fortimon.sys Crafted Request Local Privilege Escalation

High Nessus Plugin ID 31347


The remote Windows host contains a device driver that is affected by a local privilege escalation vulnerability.


FortiClient is installed on the remote host, providing it with a range of security-related functionality.

The version of the fortimon.sys device driver installed on the remote host as part of FortiClient allows a local user to escalate privileges by issuing a special request to the driver's device.


Upgrade to Fortinet FortiClient 3.0 MR5 Patch 4 (build 474) / 3.0 MR6 (build 534) or later.

Plugin Details

Severity: High

ID: 31347

File Name: forticlient_fortimon_priv_escalation.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2008/03/04

Modified: 2016/05/05

Dependencies: 76534

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:fortinet:forticlient

Required KB Items: installed_sw/FortiClient

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-0779

BID: 27776

OSVDB: 42603

Secunia: 28975

CWE: 264