← Retour aux CVEs
CVE-2020-12812
CRITICALCISA KEV9.8
Description
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie7/24/2020
Derniere modification10/24/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurFortinet
ProduitFortiOS
Nom vulnerabiliteFortinet FortiOS SSL VPN Improper Authentication Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareKnown
Produits affectes
fortinet:fortios
Faiblesses (CWE)
CWE-178CWE-287CWE-287
References
https://fortiguard.com/psirt/FG-IR-19-283(psirt@fortinet.com)
https://fortiguard.com/psirt/FG-IR-19-283(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12812(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.