Fortinet is aware that a malicious actor has disclosed SSL-VPN credentials to access FortiGate SSL-VPN devices. This incident is related to an old vulnerability resolved in May 2019. We continue to strongly recommend that customers implement the patch upgrade and password reset as soon as possible.
Fortinet has issued a patch and mitigations and is proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Read more.
Fortinet continues to communicate urging those customers that have not implemented the resolution to immediately implement patches that were made for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812. Read more.