Fortinet FortiGate and FortiWiFi 4.00.6 and possibly earlier versions are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow vulnerability (CWE-122). The vulnerabilities exist in the FortiManager service running on TCP port 541.
CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle') - CVE-2014-0351
A remote unauthenticated attacker may be able to man-in-the-middle traffic between the client and FortiManager service or execute arbitrary code on the appliance.
Fortinet recommends upgrading to FortiOS 4.3.16, 5.0.8, or 5.2.0 to receive the patch. Additionally, please consider the following workaround.
Disable the remote management service
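The following is an added example, not part of the original note or any Fortinet tooling: a branch-aware check of device versions against the fixed releases listed above, combined with the workaround status. The inventory rows, function names, and the treatment of branches newer than 5.2 as fixed are assumptions.

```python
import re

# Fixed releases named in this note, keyed by (major, minor) branch.
FIXED = {(4, 3): (4, 3, 16), (5, 0): (5, 0, 8), (5, 2): (5, 2, 0)}


def parse_version(text):
    """Turn '5.0.7' or '4.00.6' into a tuple of ints such as (5, 0, 7)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(part) for part in m.groups())


def has_patch(version):
    """True if the version is at or above the fixed release for its branch."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v >= FIXED[branch]
    # Assumption: branches newer than 5.2 carry the fix. Older branches with
    # no fixed release in the note (e.g. 4.0, 4.2) must be upgraded.
    return branch > max(FIXED)


def triage(version, remote_mgmt_enabled):
    """Classify a device as 'patched', 'workaround' or 'exposed'."""
    if has_patch(version):
        return "patched"
    # Unpatched: the workaround is to disable the remote management
    # service, which listens on TCP port 541.
    return "exposed" if remote_mgmt_enabled else "workaround"


# Constructed sample inventory: (hostname, FortiOS version, remote mgmt on?)
INVENTORY = [
    ("fw-branch-01", "4.00.6", True),
    ("fw-branch-02", "4.3.16", True),
    ("fw-dc-01", "5.0.7", False),
    ("fw-dc-02", "5.2.0", True),
]


def report(inventory=INVENTORY):
    """Map each hostname to its triage status."""
    return {host: triage(ver, mgmt) for host, ver, mgmt in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

A plain numeric comparison across branches would wrongly pass 5.0.7 because it is greater than 4.3.16, so the check compares only within each branch.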
Thanks to Gregor Kopf of Recurity Labs GmbH for reporting this vulnerability.