The vulnerability identified as a remote code execution flaw is accessible during the pre-authentication phase in Fortinet SSL VPN appliances and services. Due to the severity of the flaw and that it does not appear to be exploited in the wild (as of this writing) Fortinet is not releasing any details on the flaw. The French Security company Olympe Cyberdefense released an independent alert that indicates that the RCS flaw is not present in following version of software: 6.2.15, 6.4.13, 7.0.12, and 7.2.5. They also note that the flaw appears to not be affected by MFA enforcement. The report, linked here (in French), mentioned that the new flaw affects all firewalls, but is specific to the VPN function.

Fortinet is a popular firewall and VPN functionality is typically enabled when they are in play. This flaw does leave more than a few organizations open to potential attack if threat actors are already aware of this flaw. If that is the case, then those same organizations are now in a race against attackers to get patched before their environments are attacked and compromised. This flaw needs a seriously abbreviated patch cycle to take this opening away from threat actors. Even if it means down time for regular businesses, a flaw like this on an edge appliance can put you in a situation that no cybersecurity team wants to be in.

Stay safe out there