A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
This critical issue affects most versions of Fortinet’s FortiManager, a solution that manages the vendor’s products, in particular FortiGate firewalls, by automating security operations and deployments.
The security advisory is publicly available at this Fortinet URL.