Exploiting this weakness to perform remote code execution has on the other hand not been proven to be feasible.
Denial of service
FortiOS all versions lower than 6.0.5
Upgrade to FortiOS 6.0.5 or 6.2.0
Disable the SSL-VPN web portal service by applying the following CLI commands:
config vpn ssl settings
2019-04-02 Initial Version
2019-05-15 Add fix on 6.0 branch
Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.