Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-12812
HistoryJul 24, 2020 - 11:15 p.m.

CVE-2020-12812

2020-07-2423:15:00
CWE-178
CWE-287
[email protected]
web.nvd.nist.gov
982
In Wild
16
cve-2020-12812
ssl vpn
fortios
improper authentication
vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Social References

More

Related

nessus 1
prion 1
fortinet 1
cisa_kev 1
attackerkb 3
cisa 1
ics 5
thn 5
threatpost 3
rapid7blog 1
qualysblog 1
nessus
nessus
Fortinet FortiOS < 6.0.10 / 6.2.x < 6.2.4 / 6.4.x < 6.4.1 Improper Authentication (FG-IR-19-283)
2020-10-02 00:00:00
prion
prion
Authentication flaw
2020-07-24 23:15:00
fortinet
fortinet
Protect
2020-07-13 00:00:00
cisa_kev
cisa_kev
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
2021-11-03 00:00:00
attackerkb
attackerkb
CVE-2020-12812
2020-07-24 00:00:00
CVE-2018-13379 Path Traversal in Fortinet FortiOS
2019-06-04 00:00:00
CVE-2019-5591
2020-08-14 00:00:00
cisa
cisa
FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities
2021-04-02 00:00:00
ics
ics
#StopRansomware: Play Ransomware
2023-12-18 12:00:00
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
2021-11-19 12:00:00
#StopRansomware: Hive Ransomware
2022-11-25 12:00:00
thn
thn
Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide
2023-12-19 05:42:00
U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws
2021-11-17 15:44:00
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
2021-08-18 03:41:00
threatpost
threatpost
FBI: APTs Actively Exploiting Fortinet VPN Bugs
2021-04-02 19:56:57
Unpatched Fortinet Bug Allows Firewall Takeovers
2021-08-18 12:07:33
Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns
2021-11-17 17:04:01
rapid7blog
rapid7blog
Attackers Targeting Fortinet Devices and SAP Applications
2021-04-08 17:18:07
qualysblog
qualysblog
CISA Alert: Top Routinely Exploited Vulnerabilities
2021-07-29 00:20:27

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON
Related for CVE-2020-12812
nessus1prion1fortinet1cisa_kev1attackerkb3cisa1ics5thn5threatpost3rapid7blog1qualysblog1