Critical FortiOS/FortiSwitchManager flaw enables remote code execution
Fortinet disclosed a critical heap-based buffer overflow vulnerability in the cw_acd daemon affecting FortiOS and FortiSwitchManager that allows remote, unauthenticated attackers to execute arbitrary code by sending specially crafted requests. Fortinet has issued advisories and patches across multiple FortiOS branches, FortiSASE, and FortiSwitchManager, and urges immediate upgrades to mitigate risk of full-system compromise (no CVE assigned yet). In the meantime, mitigations include disabling fabric access on interfaces and blocking CAPWAP-CONTROL traffic (UDP ports 5246–5249) via local-in policies, along with monitoring cw_acd activity and segmenting management interfaces.
