We’re aware of a critical Remove Code Execution (RCE) vulnerability affecting Fortinet’s SSL VPN functionality. This vulnerability can be exploited without credentials and affects all SSL VPN appliances, even if multi-factor authentication is enabled.

Due to the critical nature of the vulnerability, we highly recommend that you upgrade your FortiOS firmware to the latest version.

The latest firmware versions are:
6.0.17
6.2.15
6.4.13
7.0.12
7.2.5

You can find more information at the CERT advisory here.