Fortinet warns that attackers continue to exploit a critical FortiOS vulnerability (CVE-2020-12812) that allows bypassing two-factor authentication on vulnerable FortiGate firewalls. Organizations with specific LDAP configurations remain at risk, despite patches issued in 2020. #FortiOS #CVE-2020-12812
Key points
- The vulnerability CVE-2020-12812 affects FortiGate SSL VPNs and allows username case mismatches to bypass 2FA.
- Fortinet released updates in July 2020 to fix this flaw and advised disabling case sensitivity if patches can't be applied.
- Recent attacks are exploiting the vulnerability in the wild, targeting LDAP-enabled firewalls with specific configurations.
- Misconfiguration of LDAP secondary groups increases the risk of successful exploitation by attackers.
- FBI and CISA have previously warned about threat actors using this vulnerability in wider attacks, including ransomware campaigns.
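
A detection sketch for the username case-mismatch behaviour described in the key points above, added here as an example and not taken from Fortinet or the original article: it flags successful VPN logins whose username matches a 2FA-enrolled account only when case is ignored. The log layout, field names, and account names are constructed for illustration.

```python
import re

# Constructed inventory: accounts enrolled in 2FA, spelled as configured on the firewall.
TWO_FACTOR_USERS = {"jsmith", "adavis"}

# Constructed sample events in a simplified key=value layout (an assumption,
# not a verbatim FortiGate log format).
SAMPLE_LOG = """\
date=2025-01-10 time=08:01:12 action=login-success user="jsmith" twofactor=yes
date=2025-01-10 time=08:14:40 action=login-success user="Jsmith" twofactor=no
date=2025-01-10 time=09:02:03 action=login-success user="mlee" twofactor=no
date=2025-01-10 time=09:30:55 action=login-failed user="ADAVIS" twofactor=no
date=2025-01-10 time=09:31:20 action=login-success user="ADAVIS" twofactor=no
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Split one key=value log line into a dict, unquoting quoted values."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def find_case_mismatch_logins(log_text, enrolled):
    """Return (time, name_seen, name_configured) for successful logins that
    match an enrolled 2FA account only when case is ignored and that finished
    without a second factor."""
    by_folded = {name.casefold(): name for name in enrolled}
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event.get("action") != "login-success":
            continue
        seen = event.get("user", "")
        configured = by_folded.get(seen.casefold())
        if configured is None or seen == configured:
            continue  # unknown account, or spelled exactly as configured
        if event.get("twofactor") == "yes":
            continue  # second factor was still enforced
        hits.append((event.get("time"), seen, configured))
    return hits


if __name__ == "__main__":
    for when, seen, configured in find_case_mismatch_logins(SAMPLE_LOG, TWO_FACTOR_USERS):
        print(f"{when} login as {seen!r} skipped 2FA configured for {configured!r}")
```

To use it on real data, replace the parser and field names with those of the log source actually collected from the firewall, and build the enrolled-user set from the device's local user configuration.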