CVE-2020-12812

Summary

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Affected Software

VendorProductVersion RangeStatus
n/aFortinet FortiOSFortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and belowaffected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References