Over 10k Fortinet Firewalls Exposed To Actively Exploited 2FA Bypass
Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability.
Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw (tracked as CVE-2020-12812) and advised admins who couldn't immediately patch to turn off username-case-sensitivity to block 2FA bypass attempts targeting their devices.
This improper authentication security flaw (rated 9.8/10 in severity) was found in FortiGate SSL VPN and allows attackers to log in to unpatched firewalls without being prompted for the second factor of authentication (FortiToken) when the username's case is changed.
Last week, Fortinet warned customers that attackers are still exploiting CVE-2020-12812, targeting firewalls with the vulnerable configuration, which requires LDAP (Lightweight Directory Access Protocol) authentication to be enabled.
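The failure mode described above, a second factor that is skipped when the username's case changes, comes down to two lookups that disagree on case plus a fail-open default. The following toy model is an added illustration and is not FortiOS code or Fortinet's own logic: it assumes a directory lookup that matches usernames case-insensitively (the usual LDAP behaviour), a token table keyed by the exact string the user typed, and the constructed user, password and one-time code shown in the block. The hardened variant normalises the username before every lookup and denies access when no token is enrolled.

```python
"""Toy model of a second-factor check that fails open when the letter
case of the username differs between two lookups.

Added illustration, constructed for this article; it models no real
FortiOS code and uses only made-up accounts and secrets.
"""

# Constructed directory. The lookup below is case-insensitive, which is
# how LDAP directories commonly match user names.
DIRECTORY = {"alice": "correct horse battery staple"}

# Constructed 2FA enrolment table, keyed by the exact username string the
# administrator typed when assigning the token.
TOKENS = {"alice": "123456"}


def ldap_bind(username, password):
    """Case-insensitive username match, case-sensitive password (constructed)."""
    stored = DIRECTORY.get(username.lower())
    return stored is not None and stored == password


def login_vulnerable(username, password, otp=None):
    """Vulnerable pattern: the directory normalises case, the token lookup
    does not, and an absent token is treated as 'no second factor required'."""
    if not ldap_bind(username, password):
        return "denied"
    expected = TOKENS.get(username)  # exact-case lookup, unlike the bind
    if expected is None:
        return "granted"             # fails open: second factor skipped
    return "granted" if otp == expected else "denied"


def login_hardened(username, password, otp=None):
    """Same flow with both defects removed: one canonical form of the username
    feeds every lookup, and a missing enrolment denies access (fail closed)."""
    canonical = username.lower()
    if not ldap_bind(canonical, password):
        return "denied"
    expected = TOKENS.get(canonical)
    if expected is None or otp != expected:
        return "denied"
    return "granted"


if __name__ == "__main__":
    pw = "correct horse battery staple"
    # Same credentials, username case changed: the vulnerable flow never
    # asks for the token; the hardened flow still requires it.
    print("vulnerable, 'Alice', no OTP:", login_vulnerable("Alice", pw))
    print("hardened,   'Alice', no OTP:", login_hardened("Alice", pw))
    print("hardened,   'Alice', OTP:   ", login_hardened("Alice", pw, "123456"))
```

The assertions a defender would keep as a regression test are the last two lines of the demo: a case variant of an enrolled user must still be challenged for the token, and a user with no enrolment must be denied rather than waved through. The mitigation Fortinet gave for unpatched devices, disabling username case sensitivity, corresponds to forcing the `canonical` form in the hardened flow.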
"Fortinet has observed recent abuse of the July 2020 vulnerability FG-IR-19-283 / CVE-2020-12812 in the wild based on specific configurations," the company said.
On Friday, Internet security watchdog Shadowserver revealed that it currently tracks over 10,000 Fortinet firewalls still exposed on the Internet that are unpatched against CVE-2020-12812 and vulnerable to these ongoing attacks, with over 1,300 IP addresses in the United States.
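For an administrator checking a fleet against the exposure Shadowserver describes, the first question is which devices run a release older than the fixed versions named above (6.4.1, 6.2.4 and 6.0.10). The script below is an added example, not Fortinet or Shadowserver tooling: it compares each device's reported FortiOS version against the fixed release for its branch. Its assumptions are that any branch newer than 6.4 shipped after the fix, that any branch older than 6.0 should be treated as unpatched, and that the inventory entries (hostnames, versions and the build suffix) are constructed sample data.

```python
"""Branch-aware triage of FortiOS versions against the CVE-2020-12812 fix.

Added example for this article, not vendor tooling. Fixed releases are
the three named in the article; the handling of branches outside those
three is an assumption stated in is_patched().
"""

# Fixed release per FortiOS branch, from the article's text.
FIXED = {(6, 4): (6, 4, 1), (6, 2): (6, 2, 4), (6, 0): (6, 0, 10)}
NEWEST_FIXED_BRANCH = max(FIXED)


def parse_version(text):
    """'6.2.3' -> (6, 2, 3). Accepts a leading 'v' and a ',build...' suffix."""
    core = text.strip().lstrip("v").split(",")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(version):
    """True when the version is at or above the fixed release for its branch.

    Assumptions: a branch newer than 6.4 (e.g. 7.x) post-dates the fix and is
    treated as patched; a branch older than 6.0 is treated as unpatched so it
    is not silently dropped from the worklist."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v >= FIXED[branch]
    return branch > NEWEST_FIXED_BRANCH


def triage(inventory):
    """inventory: iterable of (hostname, version string).
    Returns the sorted hostnames that still need the fix."""
    return sorted(host for host, ver in inventory if not is_patched(ver))


# Constructed inventory; hostnames and build number are made up.
SAMPLE_INVENTORY = [
    ("fw-hq-01", "6.4.1,build1234"),
    ("fw-hq-02", "6.4.0"),
    ("fw-branch-a", "6.2.3"),
    ("fw-branch-b", "6.2.4"),
    ("fw-lab", "v6.0.9"),
    ("fw-dc", "7.0.12"),
    ("fw-legacy", "5.6.11"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("needs CVE-2020-12812 fix:", host)
```

Version alone does not settle exposure: per the article, exploitation depends on the LDAP-backed configuration and on whether username case sensitivity is still enabled, so hosts this script flags should be cross-checked against those settings as well as the SSL VPN being reachable from the Internet.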
CISA and the FBI warned in April 2021 that state-sponsored hacking groups were targeting Fortinet FortiOS instances using exploits for multiple vulnerabilities, including one that abused CVE-2020-12812 to bypass 2FA.
Seven months later, CISA added CVE-2020-12812 to its list of known exploited vulnerabilities, tagging it as exploited in ransomware attacks and ordering U.S. federal agencies to secure their systems by May 2022.
Fortinet vulnerabilities are frequently exploited in attacks (often as zero-day vulnerabilities). For instance, cybersecurity company Arctic Wolf warned in December that threat actors were already abusing a critical authentication bypass vulnerability (CVE-2025-59718) to hijack admin accounts via malicious single sign-on (SSO) logins.
One month earlier, Fortinet warned of an actively exploited FortiWeb zero-day (CVE-2025-58034), and one week later, it confirmed that it had silently patched a second FortiWeb zero-day (CVE-2025-64446) that was abused in widespread attacks.
Source: BleepingComputer