This advisory is for organizations that use FortiOS and FortiProxy. If your organization does not use this device, this notification may be discarded.
Last week, Fortinet released updates to address a security flaw in FortiOS and FortiProxy SSL-VPN that could allow an unauthenticated remote user to execute arbitrary commands or code due to a heap-based buffer overflow weakness within these products.
Summary
Fortinet users that have SSL-VPN enabled and exposed to the public internet are susceptible to this vulnerability if they are using the unpatched version.
Fortinet has released a PSIRT Advisory indicating the affected products and recommends that organizations apply patches as soon as possible. https://www.fortiguard.com/psirt/FG-IR-23-097
