CVE-2020-12812
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability - [Actively Exploited]
Description
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
INFO
- Published Date: July 24, 2020, 11:15 p.m.
- Last Modified: Oct. 24, 2025, 12:53 p.m.
- Remotely Exploitable: Yes
- Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Apply updates per vendor instructions.
https://nvd.nist.gov/vuln/detail/CVE-2020-12812
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| 7.5 | CVSS 2.0 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | | | [email protected] |
| 9.8 | CVSS 3.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | | [email protected] |
| 9.8 | CVSS 3.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Upgrade to FortiOS version 6.0.10, 6.2.4, 6.4.1 or later.
- Apply the workaround from the advisory, if upgrading is not possible.
Public PoC/Exploit Available at GitHub
CVE-2020-12812 has 5 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2020-12812.
| URL | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-19-283 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12812 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-12812 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2020-12812 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by the most recently updated).
- None
- Resources for Security Matters talk 2022
- Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs. (tags: cisa-kev, vulnerability, 0day, cisa, exploits)
- A summary of some offensive vulnerabilities from mainstream vendors
- AttackerKB API Clojure client. (Clojure)
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2020-12812 vulnerability anywhere in the article.
- europa.eu: Cyber Brief 26-01 - December 2025
  Cyber Brief (December 2025) January 5, 2025 - Version: 1 TLP:CLEAR Executive summary We analysed 368 open source reports for this Cyber Security Brief. Relating to cyber policy and law enforcement, the ...
- security.nl: Still more than 10,000 Fortinet firewalls vulnerable to five-year-old flaw
  The Shadowserver Foundation will from now on include a serious vulnerability in Fortinet SSL-VPN (CVE-2020-12812) in its daily Vulnerable HTTP Report. Although this flaw has been known for five years and ...
- BleepingComputer: Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
  Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability. Fortinet released Fo ...
- CybersecurityNews: 10,000+ Fortinet Firewalls Still Exposed to 5-year Old MFA Bypass Vulnerability
  Over 10,000 Fortinet firewalls worldwide remain vulnerable to CVE-2020-12812, a multi-factor authentication (MFA) bypass flaw disclosed over five and a half years ago. Shadowserver recently added the ...
- The Hacker News: ⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
  Dec 29, 2026, Ravie Lakshmanan, Hacking News / Cybersecurity. Last week's cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust ev ...
- security.nl: Fortinet warns of exploitation of five-year-old VPN flaw in FortiOS
  Attackers are actively exploiting a five-year-old vulnerability in the SSL VPN component of FortiOS, Fortinet warns. FortiOS is Fortinet's operating system that runs on all kinds of netw ...
- BleepingComputer: Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
  Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable For ...
- The Hacker News: Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
  Dec 25, 2025, Ravie Lakshmanan, Vulnerability / Enterprise Security. Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain co ...
- CybersecurityNews: Hackers Exploiting Three-Year-Old FortiGate Vulnerability to Bypass 2FA on Firewalls
  Cybercriminals are actively abusing a long-patched Fortinet FortiGate flaw from July 2020, slipping past two-factor authentication (2FA) on firewalls and potentially granting unauthorized access to VP ...
- Daily CyberSecurity: Hackers Revive 2020 FortiGate Flaw to Bypass 2FA
  Fortinet has issued a warning regarding the active exploitation of a three-year-old vulnerability that allows attackers to bypass two-factor authentication (2FA) on FortiGate firewalls simply by chang ...
- CybersecurityNews: Ransomware Attack 2025 Recap – From Critical Data Extortion to Operational Disruption
  The ransomware landscape in 2025 has reached new heights, evolving from a cybersecurity issue into a strategic threat to national security and global economic stability. This year saw a 34%-50% surge ...
- The Register: Play ransomware crims exploit SimpleHelp flaw in double-extortion schemes
  Groups linked with the Play ransomware have exploited more than 900 organizations, the FBI said Wednesday, and have developed a number of new techniques in their double-extortion campaigns - including ...
- Cybersecurity News: Unmasking Play Ransomware: Tactics, Techniques, and Mitigation Strategies
  EDR detection of threat actor attack actions used in the Lateral Movement phase | Source: AhnLab. Play ransomware, also known as Balloonfly or PlayCrypt, has emerged as a significant cyber threat since ...
The following table lists the changes that have been made to the
CVE-2020-12812 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
| Date | Event | Source | Changes |
|---|---|---|---|
| Oct. 24, 2025 | Modified Analysis | [email protected] | Added Reference Type: CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12812 Types: US Government Resource |
| Oct. 22, 2025 | CVE Modified | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Added Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12812 |
| Oct. 21, 2025 | CVE Modified | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Removed Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12812 |
| Oct. 21, 2025 | CVE Modified | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Added Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12812 |
| Feb. 24, 2025 | Modified Analysis | [email protected] | (no changes listed) |
| Feb. 04, 2025 | CVE Modified | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Added CVSS V3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; Added CWE: CWE-287 |
| Nov. 21, 2024 | CVE Modified | af854a3a-2127-422b-91ae-364da2661108 | Added Reference: https://fortiguard.com/psirt/FG-IR-19-283 |
| May. 14, 2024 | CVE Modified | [email protected] | (no changes listed) |
| Feb. 13, 2024 | Reanalysis | [email protected] | Added CWE: NIST CWE-287 |
| Jul. 12, 2022 | CWE Remap | [email protected] | Changed CWE: CWE-287 to CWE-178 |
| Jul. 28, 2020 | Initial Analysis | [email protected] | Added CVSS V2: NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P); Added CVSS V3.1: NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; Changed Reference Type: https://fortiguard.com/psirt/FG-IR-19-283 from No Types Assigned to Vendor Advisory; Added CWE: NIST CWE-287; Added CPE Configuration (OR): `cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*` versions up to (excluding) 6.0.10; `cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*` versions from (including) 6.2.0 up to (excluding) 6.2.4; `cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*` |
Vulnerability Scoring Details
- Base CVSS 3.1 Score: 9.8
- Base CVSS 2.0 Score: 7.5
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
- EPSS score: 45.02 (-0.98%)
- EPSS percentile: 0.97477