A vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer could be exploited by remote, non-authenticated attackers to execute unauthorized / malicious code as root. Fortinet has provided security updates to fix the flaw, as well as workarounds if updating is impossible. The vulnerability affects the solutions’ fgfmsd daemon, and could be triggered by senging a specially crafted request to the fgfm port of a vulnerable device. There is no indication this flaw is being actively exploited in the wild.
Source: https://www.helpnetsecurity.com/2021/07/21/cve-2021-32589/