CVE-2020-12812 - Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Project:Fortinet
Product:FortiOS
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Description
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-12812