TLDR: if you use Fortinet SSL VPN you have to disconnect your remote users. Immediately 🤦♂️
Critical #vulnerability in #Fortinet #FortiOS SSL #VPN.
Remote code execution without authentication.
Potentially already exploited in the wild.
Patches for supported versions are available, and they also recommend workaround: disable SSL VPN. Not just a webmode, but the entire SSL VPN.
It means that companies with Fortigate firewalls have to disconnect their remote workers from VPN if they cannot patch immediately or if they do not use IPsec VPN instead of SSL VPN.