Fortigate admin GUI authentication bypass vulnerability

On 6 October 2022, Fortinet began circulating internally and to their
customers a preliminary alert that an admin GUI vulnerability had been found. They
have released more details since, but the full picture of the exploitation
path is not yet known. The vulnerability was assigned a severity score of 9.6 (critical),
and as far as we can understand from their bulletin, it allows attackers to bypass
the administrator authentication mechanisms and gain access to the GUI. Also, while not
stated directly, the implication is that the `trusthost` configuration does NOT
prevent attackers coming from IPs that are not on the trusthost list.
It is now
known that if any admin-level account has 0.0.0.0 as its trusthost, then
that Fortigate is vulnerable from any IP.
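As an added audit check (not part of the original article and not a Fortinet tool), the following Python script parses the `config system admin` block of a FortiOS configuration backup and lists the accounts whose trusted hosts amount to 0.0.0.0/0, i.e. the accounts the paragraph above describes as reachable from any IP. It assumes two things about FortiOS behaviour: that an account with no `trusthost` lines at all is at the factory default of `0.0.0.0 0.0.0.0` (the plain `show` output omits default values, so a backup from `show full-configuration` is preferable), and that an account with at least one specific trusthost is restricted even if its other trusthost slots remain at the default. The configuration text embedded in the script is constructed for illustration, not taken from a real device.

```python
import ipaddress
import re

# Constructed sample of a FortiOS "config system admin" block (not a real
# device's configuration). Only lines relevant to the check are included.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set trusthost1 10.10.0.0 255.255.255.0
        set trusthost2 192.168.1.10 255.255.255.255
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "backup-admin"
        set trusthost1 0.0.0.0 0.0.0.0
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "helpdesk"
        set accprofile "prof_admin"
        set vdom "root"
    next
end
"""

# Factory default for every trusthostN slot: any source address is accepted.
UNRESTRICTED = ipaddress.ip_network("0.0.0.0/0")


def parse_admins(config_text):
    """Return {account_name: {"accprofile": str|None, "trusthosts": [IPv4Network]}}
    for the "config system admin" block. IPv6 trusthosts (ip6-trusthostN) are
    deliberately not parsed here; extend the regex if you use them."""
    admins = {}
    current = None
    in_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system admin":
            in_block = True
            continue
        if not in_block:
            continue
        if line == "end":            # end of the admin block
            break
        m = re.match(r'edit "([^"]+)"$', line)
        if m:
            current = {"accprofile": None, "trusthosts": []}
            admins[m.group(1)] = current
            continue
        if line == "next":           # end of one account entry
            current = None
            continue
        if current is None:
            continue
        # "set trusthostN <address> <netmask>" -> IPv4 network object
        m = re.match(r"set (trusthost\d+) (\S+) (\S+)$", line)
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            current["trusthosts"].append(net)
            continue
        m = re.match(r'set accprofile "([^"]+)"$', line)
        if m:
            current["accprofile"] = m.group(1)
    return admins


def unrestricted_admins(config_text):
    """Names of accounts whose trusthost set is effectively 0.0.0.0/0.

    Assumption: an account with no trusthost lines is at the default
    (0.0.0.0 0.0.0.0), and an account with at least one specific trusthost
    is restricted to those hosts even if its other slots stay at the default.
    """
    flagged = []
    for name, info in parse_admins(config_text).items():
        hosts = info["trusthosts"]
        if all(net == UNRESTRICTED for net in hosts):   # empty list -> True
            flagged.append(name)
    return flagged


def report(config_text):
    """Human-readable (name, accprofile) pairs for the flagged accounts."""
    admins = parse_admins(config_text)
    return [(name, admins[name]["accprofile"]) for name in unrestricted_admins(config_text)]


if __name__ == "__main__":
    for name, profile in report(SAMPLE_CONFIG):
        print(f"{name}: reachable from any IP (accprofile={profile})")
```

Run it against a real backup by reading the file into `config_text` instead of `SAMPLE_CONFIG`; any account the script prints, and especially one with the `super_admin` profile, is one to restrict with specific `trusthostN` entries (or disable) rather than leave at the default.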

Fortinet recommends that the following be done immediately:

  • Upgrade the…



Author: Yuri Slobodyanyuk
