Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. Fortinet says that sending a specially crafted request to the FGFM port of a target device may allow a remote, non-authenticated attacker to execute unauthorized code as root. The company highlights that FGFM is disabled by default on some hardware models: 1000D, 1000E, 2000E, 3000D, 3000 E, 3000F, 3000E, 3500F, 3700E, 3900E.
Source: https://www.bleepingcomputer.com/news/security/fortinet-fixes-bug-letting-unauthenticated-hackers-run-code-as-root/

