CVE-2020-12812: Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

CVE ID

CVE-2020-12812

Vulnerability Name

Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

• Project: Fortinet
• Product: FortiOS

Date

• Date Added: 2021-11-03
• Due Date: 2022-05-03

Description

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-12812

Related Security News

• Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
• Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
• Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List