Important information for Fortinet users!
A critical vulnerability has been discovered in FortiOS that would allow unauthenticated remote attackers to execute arbitrary code or commands via specially crafted HTTP requests. If you want, I can immediately look up Fortinet’s official advisory, CVE number, and recommended mitigations/patches.
Temporary solution: we recommend disabling the SSL VPN. Please note that disabling WebMode is not an effective way to prevent an attack.
Note: There is a potential risk that this vulnerability is already being exploited by attackers.
We urge all users to take the necessary security measures and follow the recommended guidelines. For more information, please see the following link: https://www.fortiguard.com/psirt/FG-IR-24-015