CVE-2020-12812β€”Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

PUBLISHEDvulnerability record
2021-11-03 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2020-12812
Project:
Fortinet
Product:
FortiOS
Date Added:
2021-11-03
Due Date:
2022-05-03
Last Updated:
June 21, 2025

Vulnerability Name

Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

Description

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply updates per vendor instructions.

Additional Notes

Related News Articles

Related Weaknesses