We’re aware of a critical Remove Code Execution (RCE) vulnerability affecting Fortinet’s SSL VPN functionality. This vulnerability can be exploited without credentials and affects all SSL VPN appliances, even if multi-factor authentication is enabled.
Due to the critical nature of the vulnerability, we highly recommend that you upgrade your FortiOS firmware to the latest version.
The latest firmware versions are:
6.0.17
6.2.15
6.4.13
7.0.12
7.2.5
You can find more information at the CERT advisory here.