FortiOS VM images lack an integrity check of the file system at boot time
FortiOS VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image (before it is booted up) to inject malicious implants in the image.
Execute unauthorized code or commands
FortiOS VM all versions below 6.0.5
Upgrade to FortiOS VM versions 6.0.5 or 6.2.0
Verify the VM images' integrity by comparing the SHA-512 checksum with the checksum indicated on https://support.fortinet.com/ (downloads section) for that image.
Fortinet is pleased to thank Bart Dopheide, Axians for reporting this vulnerability under responsible disclosure.