Format String Vulnerability in SSH username
There is a format string vulnerability in the SSH username handling when connecting to FortiOS 5.6.0, that may lead to memory corruption.
FortiOS version 5.6.0
The following Fortinet products are NOT affected:
FortiOS 5.4 all versions
FortiOS 5.2 all versions
Please upgrade to FortiOS version 5.6.1 or above.
Workaround: Configure the trusthost feature to only allow trusted administrators to use SSH and deny others.