CVE-2020-12812
Fortinet / FortiOS
Ransomware campaign
Added 2021-11-03
Due 2022-05-03
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Required action
Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-12812
Metadata
| Added to KEV | 2021-11-03 |
| Remediation due | 2022-05-03 |
| Ransomware use | Known |
| CWEs | CWE-178,CWE-287 |
| Ingested | 2026-04-24 15:03:13 |
Cross-mesh regulatory overlay
If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.