CVE-2020-12812
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
CVSS
—
Sin CVSS
EPSS
49.3%
p99
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
49.3%EPSS · 30 días49.3%
2026-06-302026-07-16
Producto
Fortinet / FortiOS
Vulnerabilidad
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
3 may 2022
Uso conocido en ransomware
Sí
Descripción resumida
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2020-12812
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2018-13379—100.0%
KEV—80Fortinet FortiOS SSL VPN Path Traversal Vulnerability—CVE-2022-42475—99.9%
KEV—80Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability—CVE-2024-21762—99.7%
KEV—80Fortinet FortiOS Out-of-Bound Write Vulnerability—CVE-2019-5591—96.9%
KEV—79Fortinet FortiOS Default Configuration Vulnerability—CVE-2022-41328—95.7%
KEV—79Fortinet FortiOS Path Traversal Vulnerability—CVE-2019-6693—92.1%
KEV—78Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability—