FortiOS SSL VPN CVE-2020-12812 mitigation advisory
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Fortinet issued a December 24, 2025 mitigation advisory for CVE-2020-12812, warning that certain FortiOS SSL VPN configurations can let admin or VPN users authenticate without 2FA. The company told customers to disable username sensitivity or remove the secondary LDAP group path so login attempts cannot fall through to the bypass condition. If there is evidence of successful abuse, Fortinet also advised impacted customers to contact support and reset all credentials.
Cases
Related Happenings
FortiBleed Fortinet credential-theft campaign
Campaign
H score89
First: 19.06.2026 13:48
Last: 19.06.2026 13:48
Sources 1
About this happening:
The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...
FortiBleed Fortinet credential-theft campaign
CampaignAbout this happening: The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...
Latest development: 22.06.2026 11:30
The UK’s National Cyber Security Centre issued guidance for Fortinet customers impacted by FortiBleed after the campaign exposed around 75,000 credentials from FortiGate firewall and SSL VPN customers. The NCSC urged affected organizations to use Hudson Rock’s or SOCRadar’s FortiBleed checker tools and then review indicators of compromise such as unauthorized account creation and unexpected activity in log files.
SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)
Vulnerability
H score50
First: 21.05.2026 00:19
Last: 21.05.2026 00:19
Sources 1
About this happening:
Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...
SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)
VulnerabilityAbout this happening: Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...
Fortinet security patch release for CVE-2026-44277
Security Patch Release
H score39
First: 12.05.2026 21:23
Last: 12.05.2026 21:23
Sources 1
About this happening:
Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Fortinet security patch release for CVE-2026-44277
Security Patch ReleaseAbout this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Cisco security patch release for CVE-2026-20184
Security Patch Release
H score44
First: 16.04.2026 14:27
Last: 16.04.2026 14:27
Sources 1
About this happening:
**Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Cisco security patch release for CVE-2026-20184
Security Patch ReleaseAbout this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch Release
H score53
First: 07.04.2026 12:26
Last: 07.04.2026 12:26
Sources 1
About this happening:
**Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch ReleaseAbout this happening: **Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...
Latest development: 28.05.2026 18:26
Arctic Wolf observed threat actors abusing FortiClient Endpoint Management Server (EMS) and CVE-2026-35616 in May 2026 to modify EMS-managed configuration, disguise FortiEndpoint_Patch.exe as a Fortinet endpoint update, and use fortitray.exe, cmd.exe, and a Base64-encoded PowerShell chain to download malware and exfiltrate browser data to 83.138.53[.]110.
Timeline
-
25.12.2025 10:22 2 articles · 6mo ago
Fortinet issues CVE-2020-12812 mitigation guidance
Mitigation Patch UpdateFortinet issued updated guidance for CVE-2020-12812 affecting FortiOS SSL VPN deployments where local users with 2FA reference LDAP, warning that username case mismatches can cause FortiGate to fall through to LDAP authentication and let admin or VPN users sign in without 2FA. The company advised affected customers to use the fixed FortiOS releases, disable username sensitivity on newer versions, remove the secondary LDAP group if it is not required, and contact support and reset credentials if there is evidence of unauthorized authentication.
Show sources
- Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability — thehackernews.com — 25.12.2025 10:22
- Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks — www.bleepingcomputer.com — 29.12.2025 13:16