vulnerability · International · BleepingComputer
Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass
Friday, January 2, 2026
What
A critical FortiGate SSL VPN 2FA bypass vulnerability (CVE-2020-12812) from 2020 is still actively exploited, affecting over 10,000 unpatched Fortinet firewalls globally. An attacker who knows a valid password can gain unauthorized access by altering the case of the username, particularly when LDAP authentication is enabled, which bypasses the FortiToken second factor.
Where
Over 10,000 Fortinet firewalls globally, including more than 1,300 IP addresses in the United States, are affected.
When
The vulnerability was patched in July 2020; CISA and the FBI warned of active exploitation in April 2021, and exploitation is still ongoing as of late 2025/early 2026.
Key Factors
- The vulnerability, CVE-2020-12812, is an improper authentication flaw (CVSS 9.8) in FortiGate SSL VPN that allows 2FA bypass by altering username case.
- Exploitation specifically targets configurations where LDAP is enabled, allowing attackers to circumvent FortiToken requirements.
- Despite being patched in 2020, over 10,000 devices remain unpatched and exposed, highlighting persistent patching challenges for critical, known exploited vulnerabilities.
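The flaw class described above, inconsistent username normalization between a case-insensitive directory bind and an exact-string lookup of the second-factor binding, is modelled below. This is an added illustrative example, not FortiOS code and not taken from the article or from Fortinet; the user table, token binding, log format and function names are all constructed assumptions. It shows the vulnerable check beside a hardened one that canonicalises the name and fails closed, plus a small log check that flags logins whose username differs only in case from the registered form.

```python
"""Illustrative model of a 2FA bypass caused by inconsistent username
normalization.  Hypothetical code: not FortiOS, not the vendor's logic."""
import re

# Constructed sample data (assumption, not from the article).
LDAP_USERS = {"alice": "s3cret"}      # directory matches names case-insensitively
MFA_REQUIRED = {"alice": "FTK-0001"}  # local token binding keyed by the exact string


def ldap_bind(username: str, password: str) -> bool:
    """Simulated LDAP bind: many directories treat the name attribute
    case-insensitively, so 'Alice' and 'alice' bind as the same entry."""
    return LDAP_USERS.get(username.casefold()) == password


def vulnerable_login(username: str, password: str, token_ok: bool) -> str:
    """Vulnerable pattern: the second-factor lookup uses the raw input string.
    A case-variant name binds fine via LDAP but misses the token binding,
    so the 2FA step is silently skipped."""
    if not ldap_bind(username, password):
        return "denied"
    if username in MFA_REQUIRED:          # exact-case lookup
        return "granted" if token_ok else "mfa_required"
    return "granted"                      # no binding found -> 2FA skipped


def hardened_login(username: str, password: str, token_ok: bool) -> str:
    """Hardened pattern: one canonical form for every lookup, and a user with
    no token binding is refused rather than let through without 2FA."""
    canonical = username.casefold()
    if not ldap_bind(canonical, password):
        return "denied"
    if canonical not in MFA_REQUIRED:
        return "denied"                   # fail closed
    return "granted" if token_ok else "mfa_required"


# Constructed key=value login records (assumption; loosely syslog-like,
# not a claim about the real FortiGate log schema).
SAMPLE_LOGS = [
    'date=2026-01-02 user="alice" action="ssl-login" status="success"',
    'date=2026-01-02 user="Alice" action="ssl-login" status="success"',
    'date=2026-01-02 user="ALICE" action="ssl-login" status="failure"',
    'date=2026-01-02 user="bob" action="ssl-login" status="failure"',
]

_USER_RE = re.compile(r'user="([^"]+)"')


def case_variant_logins(log_lines, registered=MFA_REQUIRED):
    """Return usernames from the logs that match a registered user only after
    case folding.  Such records are worth reviewing on a device where the
    exact-match behaviour above could apply."""
    flagged = []
    for line in log_lines:
        m = _USER_RE.search(line)
        if not m:
            continue
        name = m.group(1)
        if name not in registered and name.casefold() in registered:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print("vulnerable, exact name, no token:", vulnerable_login("alice", "s3cret", False))
    print("vulnerable, case variant, no token:", vulnerable_login("Alice", "s3cret", False))
    print("hardened, case variant, no token:", hardened_login("Alice", "s3cret", False))
    print("case-variant logins to review:", case_variant_logins(SAMPLE_LOGS))
```

The two login functions differ only in where the username is canonicalised and in what happens when no token binding is found; that second point matters as much as the first, since an authentication path that grants access on a missing policy entry will fail open whenever a lookup key is ever mangled.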
Takeaways
- Immediately upgrade to the fixed FortiOS versions 6.4.1, 6.2.4, or 6.0.10, or disable username-case-sensitivity if patching is not feasible.
- Regularly audit network devices for known exploited vulnerabilities and ensure timely patching to prevent unauthorized access to critical infrastructure.
Source: BleepingComputer (original article).