CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-12812

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score71.9550%
EPSS Percentile85.38th
Published2020年7月24日
Last Modified2025年10月24日

Vulnerability Description

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Affected Platforms (CPE)

💻
Fortinet

Fortios

< 6.0.10
💻
Fortinet

Fortios

>= 6.2.0 and < 6.2.4
💻
Fortinet

Fortios

= 6.4.0

References & Advisories

🔗 https://fortiguard.com/psirt/FG-IR-19-283
🔗 https://fortiguard.com/psirt/FG-IR-19-283
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12812

相关漏洞威胁

CVE-2005-305710.0

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers ...

CVE-2025-597189.8

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7....

CVE-2018-13529.8

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH usern...

CVE-2016-19099.8

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and Fo...