
FortiOS SSL VPN CVE-2020-12812 mitigation advisory

Advisory/Mitigation
Happening score: 58
2 unique sources, 2 articles

Summary

Fortinet issued a December 24, 2025 mitigation advisory for CVE-2020-12812, warning that certain FortiOS SSL VPN configurations can let admin or VPN users authenticate without 2FA. The company told customers to disable username sensitivity or remove the secondary LDAP group path so login attempts cannot fall through to the bypass condition. If there is evidence of successful abuse, Fortinet also advised impacted customers to contact support and reset all credentials.

Cases

Related Happenings

SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)

Vulnerability
First: 21.05.2026 00:19 Last: 21.05.2026 00:19 Sources 1

About this happening: Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Cisco security patch release for CVE-2026-20184

Security Patch Release
First: 16.04.2026 14:27 Last: 16.04.2026 14:27 Sources 1

About this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...

FortiClient EMS improper access control flaw (CVE-2026-35616)

Vulnerability
First: 05.04.2026 21:45 Last: 05.04.2026 21:45 Sources 1

About this happening: **CVE-2026-35616** is being **actively exploited** against **FortiClient Enterprise Management Server (EMS)**, putting exposed **7.4.5 and 7.4.6** deployments at risk of remote co...

Timeline

  1. 25.12.2025 10:22 2 articles · 5mo ago

    Fortinet issues CVE-2020-12812 mitigation guidance

    Mitigation Patch Update

    Fortinet issued updated guidance for CVE-2020-12812 affecting FortiOS SSL VPN deployments where local users with 2FA reference LDAP, warning that username case mismatches can cause FortiGate to fall through to LDAP authentication and let admin or VPN users sign in without 2FA. The company advised affected customers to use the fixed FortiOS releases, disable username sensitivity on newer versions, remove the secondary LDAP group if it is not required, and contact support and reset credentials if there is evidence of unauthorized authentication.