This only affects SSL VPN web-mode (SSL VPN tunnel-mode is not impacted)
FortiOS 6.0.0 to 6.0.4
FortiOS 5.6.0 to 5.6.10
FortiOS 5.4.0 to 5.4.12
FortiOS 5.2.0 to 5.2.14
Branches lower than 5.2 have not been assessed.
Upgrade to FortiOS 5.2.15, 5.4.13, 5.6.11, 6.0.5 or 6.2.0 and above.
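As an added example (not part of the advisory), the following Python helper triages a FortiOS version string against the affected and fixed versions listed above; the version ranges are taken from this advisory, while the status labels and the `ssl_vpn_web_mode` flag are assumptions made for the example.

```python
from typing import Tuple

# Affected ranges as stated in the advisory: branch -> (first affected, last affected)
AFFECTED = {
    (6, 0): ((6, 0, 0), (6, 0, 4)),
    (5, 6): ((5, 6, 0), (5, 6, 10)),
    (5, 4): ((5, 4, 0), (5, 4, 12)),
    (5, 2): ((5, 2, 0), (5, 2, 14)),
}


def parse_version(s: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' (an optional leading 'v' is tolerated)."""
    parts = s.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {s!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(version: str, ssl_vpn_web_mode: bool = True) -> str:
    """Return a triage status (labels are this example's own, not Fortinet's)."""
    v = parse_version(version)
    branch = v[:2]
    if branch not in AFFECTED:
        if v >= (6, 2, 0):
            return "fixed"          # advisory: 6.2.0 and above carry the fix
        if v < (5, 2, 0):
            return "not assessed"   # advisory: branches below 5.2 not assessed
        return "not listed"         # branch not mentioned in the advisory
    first, last = AFFECTED[branch]
    if first <= v <= last:
        # Only SSL VPN web-mode is affected; tunnel-mode-only deployments are not.
        return "vulnerable" if ssl_vpn_web_mode else "affected build, web-mode off"
    return "fixed"


def triage(inventory):
    """Map (hostname, version, web_mode) records to their status, e.g. from an asset list."""
    return {host: assess(ver, web) for host, ver, web in inventory}
```

Feed `triage()` an inventory exported from your asset management system to find the devices that still need the upgrade or a workaround.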
One of the following workarounds can be applied:
* Use SSL VPN tunnel-mode only.
* Only access trusted HTTP web servers under SSL VPN web-mode.
* Totally disable the SSL-VPN service by applying the following CLI commands:
config vpn ssl settings
2019-04-02 Initial Version
2019-05-15 Add fix on 6.0 branch
2019-07-11 Risk adjusted to High; Workaround updated.
2019-08-21 Add fix on 5.6 branch
2019-11-26 Add fix on 5.4 and 5.2 branch
Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.