Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2020-12812
HistoryNov 03, 2021 - 12:00 a.m.

Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

2021-11-0300:00:00
CISA
www.cisa.gov
9
fortinet fortios
ssl vpn
improper authentication
fortitoken

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.029

Percentile

90.9%

JSON

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

Related

cve 1
nessus 1
nvd 1
prion 1
fortinet 1
cvelist 1
attackerkb 3
cisa 1
thn 5
ics 5
threatpost 3
rapid7blog 1
qualysblog 1
cve
cve
CVE-2020-12812
2020-07-24 23:15:12
nessus
nessus
Fortinet FortiOS < 6.0.10 / 6.2.x < 6.2.4 / 6.4.x < 6.4.1 Improper Authentication (FG-IR-19-283)
2020-10-02 00:00:00
nvd
nvd
CVE-2020-12812
2020-07-24 23:15:12
prion
prion
Authentication flaw
2020-07-24 23:15:00
fortinet
fortinet
Protect
2020-07-13 00:00:00
cvelist
cvelist
CVE-2020-12812
2020-07-24 22:28:43
attackerkb
attackerkb
CVE-2020-12812
2020-07-24 00:00:00
CVE-2018-13379 Path Traversal in Fortinet FortiOS
2019-06-04 00:00:00
CVE-2019-5591
2020-08-14 00:00:00
cisa
cisa
FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities
2021-04-02 00:00:00
thn
thn
Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide
2023-12-19 05:42:00
U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws
2021-11-17 15:44:00
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
2021-08-18 03:41:00
ics
ics
#StopRansomware: Play Ransomware
2023-12-18 12:00:00
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
2021-11-19 12:00:00
#StopRansomware: Hive Ransomware
2022-11-25 12:00:00
threatpost
threatpost
FBI: APTs Actively Exploiting Fortinet VPN Bugs
2021-04-02 19:56:57
Unpatched Fortinet Bug Allows Firewall Takeovers
2021-08-18 12:07:33
Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns
2021-11-17 17:04:01
rapid7blog
rapid7blog
Attackers Targeting Fortinet Devices and SAP Applications
2021-04-08 17:18:07
qualysblog
qualysblog
CISA Alert: Top Routinely Exploited Vulnerabilities
2021-07-29 00:20:27

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.029

Percentile

90.9%

JSON
Related for CISA-KEV-CVE-2020-12812
cve1nessus1nvd1prion1fortinet1cvelist1attackerkb3cisa1thn5ics5threatpost3rapid7blog1qualysblog1