CVE-2020-12812
CRITICAL | KEV | RANSOMWARE
FortiOS 6.4.0, 6.2.0-6.2.3, <6.0.10 - Improper Authentication via Username Case Variation
Exploitation Summary
CVE-2020-12812 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
Description
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
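The flaw class behind this description (CWE-178 improper handling of case sensitivity leading to CWE-287 improper authentication) is easiest to see in a small model. The following Python is an added example, not FortiOS source or anything from the vendor advisory: a toy SSL VPN login in which the credential check folds case, as a directory backend often does, while the second-factor lookup is keyed on the username exactly as typed. A case variant of an enrolled user therefore passes the password step and is never challenged for a token. The hardened variant canonicalises once and uses the same key for every lookup, and fails closed when policy requires a second factor but none is enrolled. All usernames, secrets and OTP values are constructed for the demo.

```python
"""Toy model of the CWE-178 / CWE-287 flaw described for CVE-2020-12812.

Added example, not FortiOS code. Users, secrets and OTP values are
constructed for the demo.
"""
import hashlib
import hmac
from typing import Optional

_SALT = b"demo-salt"  # constructed; a real store uses per-user salts


def _pw_hash(password: str) -> bytes:
    return hashlib.sha256(_SALT + password.encode()).digest()


# Constructed user store, keyed by the canonical (lower-case) name.
USERS = {
    "alice": _pw_hash("correct horse"),
    "bob": _pw_hash("battery staple"),
}
# Token enrolment, keyed by the name exactly as the admin configured it.
TOKENS = {"alice": "FTK-0001"}
# Stand-in for the token backend: the one OTP the demo accepts per token.
_VALID_OTP = {"FTK-0001": "123456"}


def _password_ok(user: str, password: str) -> bool:
    """Case-insensitive credential check (the backend folds case)."""
    stored = USERS.get(user.lower())
    return stored is not None and hmac.compare_digest(stored, _pw_hash(password))


def _otp_ok(token: str, otp: str) -> bool:
    expected = _VALID_OTP.get(token)
    return expected is not None and hmac.compare_digest(expected, otp)


def vulnerable_login(user: str, password: str, otp: Optional[str] = None) -> str:
    """Returns 'denied', 'need_token' or 'granted'.

    BUG: TOKENS is consulted with the raw username, so 'Alice' finds no
    enrolment and is treated as a user who has no second factor.
    """
    if not _password_ok(user, password):
        return "denied"
    token = TOKENS.get(user)
    if token is None:
        return "granted"
    if otp is None or not _otp_ok(token, otp):
        return "need_token"
    return "granted"


def hardened_login(user: str, password: str, otp: Optional[str] = None,
                   require_second_factor: bool = True) -> str:
    """Canonicalise once, use that key for every lookup, and fail closed
    when policy requires a second factor but none is enrolled.

    The canonicalisation must be the same one the credential backend
    applies; lower() is the demo's choice, not a general recommendation.
    """
    canon = user.lower()
    if not _password_ok(canon, password):
        return "denied"
    token = TOKENS.get(canon)
    if token is None:
        return "denied" if require_second_factor else "granted"
    if otp is None or not _otp_ok(token, otp):
        return "need_token"
    return "granted"
```

The vulnerable path accepts "Alice" or "ALICE" with only a password, while "alice" is asked for a token; the hardened path treats all three identically. The fail-closed default matters independently of the case bug: a lookup miss in the token store should never silently downgrade to single-factor login.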
References (2)
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-19-283
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12812
Scores
CVSS v3
9.8
EPSS
0.4191
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-04-02
InTheWild.io
2021-07-23
ENISA EUVD
EUVD-2020-5095
Ransomware Use
Confirmed
CWE
CWE-287
CWE-178
Status
published
Products (2)
fortinet/fortios
6.4.0
fortinet/fortios
< 6.0.10
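For fleet triage it helps to encode the affected ranges stated on this page (6.4.0; 6.2.0 through 6.2.3; 6.0.9 and below, fixed in 6.0.10) and run collected version strings through them. The Python below is an added example, not vendor tooling. It assumes the `Version:` line of FortiOS `get system status` output has the shape shown in the sample inventory; the hostnames and build strings in that inventory are made up for the demo. Confirm upgrade targets against the vendor advisory (FG-IR-19-283) rather than this table.

```python
"""Version triage for CVE-2020-12812 (added example, not vendor tooling).

Ranges are the ones stated on the page. The status-line format and the
sample inventory are assumptions constructed for the demo.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# (lowest affected, highest affected), both inclusive.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((6, 4, 0), (6, 4, 0)),
    ((6, 2, 0), (6, 2, 3)),
    ((0, 0, 0), (6, 0, 9)),  # "6.0.9 and below"
]

_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Version:
    """Extract the first x.y.z version from a status line, e.g.
    'Version: FortiGate-60E v6.0.9,build0335,200226 (GA)' -> (6, 0, 9)."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no FortiOS version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """Tuple comparison gives correct ordering across branches."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def triage(status_lines: Dict[str, str]) -> Dict[str, bool]:
    """Map hostname -> affected? for a batch of collected status lines."""
    return {host: is_affected(parse_version(line))
            for host, line in status_lines.items()}


# Constructed inventory: hostnames and build strings are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "Version: FortiGate-60E v6.0.9,build0335,200226 (GA)",
    "fw-branch-02": "Version: FortiGate-60E v6.0.10,build0365,200320 (GA)",
    "fw-dc-01": "Version: FortiGate-600E v6.2.3,build1066,200302 (GA)",
    "fw-dc-02": "Version: FortiGate-600E v6.4.1,build1637,200604 (GA)",
    "fw-lab": "Version: FortiGate-VM64 v5.6.12,build1727,200317 (GA)",
}

if __name__ == "__main__":
    for host, affected in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'AFFECTED' if affected else 'not affected'}")
```

Because the lowest range starts at 0.0.0, every release older than 6.0.9, including 5.x branches, is reported as affected; that is the literal reading of "6.0.9 and below" and of the `< 6.0.10` product entry above, and it errs on the side of flagging devices for review.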
Published
Jul 24, 2020
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026