New FortiOS Vulnerability

Fortinet recently disclosed a critical security vulnerability affecting FortiOS (used on FortiGate firewalls and related Fortinet platforms) as well as FortiSwitchManager. The issue is described as a heap-based buffer overflow within the cw_acd daemon, and the risk is severe because it can allow a remote attacker to execute arbitrary code or commands. Most concerning: the attack can be performed without authentication, meaning an exposed system could potentially be compromised simply through malicious network traffic.

This type of weakness is a major concern for businesses because devices running FortiOS often sit at the perimeter of the network—meaning they are highly exposed and typically have elevated levels of access. If exploited, an attacker could gain deep control of the appliance and potentially use it to pivot into internal systems, steal sensitive information, intercept traffic, or disable key security protections. Environments using Fortinet management and fabric capabilities may face additional risk if the vulnerable services are reachable from untrusted networks.

Fortinet has provided guidance on which versions are impacted and what organizations should do next. The recommended action is immediate patching/upgrading to fixed releases across affected product branches. If patching cannot be performed right away, mitigations include removing “fabric” access from interfaces and restricting/blocking CAPWAP-CONTROL traffic (UDP ports 5246–5249) using local-in policies so only trusted sources can reach it. This is an important reminder that firewall and network appliances must be treated like any other critical system: patch quickly, limit management exposure, and monitor for suspicious activity to reduce the risk of a full network compromise.