Over 10,000 Fortinet firewalls are nonetheless uncovered on-line and weak to ongoing assaults exploiting a five-year-old crucial two-factor authentication (2FA) bypass vulnerability.
Fortinet launched FortiOS variations 6.4.1, 6.2.4, and 6.0.10 in July 2020 to handle this flaw (tracked as CVE-2020-12812) and suggested admins who could not instantly patch to show off username-case-sensitivity to dam 2FA bypass makes an attempt focusing on their units.
This improper authentication safety flaw (rated 9.8/10 in severity) was present in FortiGate SSL VPN and permits attackers to log in to unpatched firewalls with out being prompted for the second issue of authentication (FortiToken) when the username’s case is modified.
Final week, Fortinet warned clients that attackers are nonetheless exploiting CVE-2020-12812, focusing on firewalls with weak configurations that require LDAP (Light-weight Listing Entry Protocol) to be enabled.
“Fortinet has noticed latest abuse of the July 2020 vulnerability FG-IR-19-283 / CVE-2020-12812 within the wild based mostly on particular configurations,” the corporate stated.
On Friday, Web safety watchdog Shadowserver revealed that it at the moment tracks over 10,000 Fortinet firewalls nonetheless uncovered on the Web which might be unpatched towards CVE-2020-12812 and weak to those ongoing assaults, with over 1,300 IP addresses in the USA.
CISA and the FBI warned in April 2021 that state-sponsored hacking teams have been focusing on Fortinet FortiOS cases utilizing exploits for a number of vulnerabilities, together with one which abused CVE-2020-12812 to bypass 2FA.
Seven months later, CISA added CVE-2020-12812 to its listing of identified exploited vulnerabilities, tagging it as exploited in ransomware assaults and ordering U.S. federal businesses to safe their methods by Might 2022.
Fortinet vulnerabilities are often exploited in assaults (usually as zero-day vulnerabilities). As an example, cybersecurity firm Arctic Wolf warned in December that risk actors have been already abusing a crucial authentication bypass vulnerability (CVE-2025-59718) to hijack admin accounts by way of malicious single sign-on (SSO) logins.
One month earlier, Fortinet warned of an actively exploited FortiWeb zero-day (CVE-2025-58034), and one week later, it confirmed that it had silently patched a second FortiWeb zero-day (CVE-2025-64446) that was abused in widespread assaults.
In February 2025, it additionally disclosed that the Chinese language Volt Hurricane risk group exploited two FortiOS flaws (CVE-2023-27997 and CVE-2022-42475) to backdoor a Dutch Ministry of Defence army community utilizing customized Coathanger distant entry trojan malware.
It is price range season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, determine rising tendencies, and evaluate their priorities as they head into 2026.
Find out how high leaders are turning funding into measurable influence.
