FortiGuard, the threat intelligence and research organization at Fortinet, has rated this vulnerability as a Critical Risk.
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Affected products: multiple versions of FortiOS (v5.0.0 through 7.2.2) and FortiOS-6K7K (v6.0.0 through 7.0.7).
Course of Action
Systems Engineering recommends that clients with affected FortiGate systems have them patched for this vulnerability.
If you are a current SE EventWatch client, we are continuously monitoring your network to detect, manage, and triage any potential indicators of compromise related to this or any other security incident.
For all other clients, if you would like assistance patching an affected Fortinet system, please contact our customer service team to have a ticket opened so that this vital security update can be applied.
Systems Engineering's Customer Service can be reached at email@example.com or 207.772.4199.