FortiManager critical 0-day vulnerability exploited in the wild, Threat level: 5/5

A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

This critical issue affects most versions of Fortinet’s FortiManager, a solution to manage this vendor’s products and in particular FortiGate firewalls, by automating security operations and deployments. 

The security advisory is publicly available at this Fortinet URL