Critical 9.8 Fortinet Flaw from 2020 Actively Exploited

A long-standing critical vulnerability in Fortinet’s FortiOS platform — originally disclosed in July 2020 — is once again being actively exploited in real-world attacks. Despite patches being available for more than five years, threat actors are targeting unpatched systems to bypass multi-factor authentication (MFA) and gain unauthorized access to enterprise assets. (SC Media)

Understanding the Vulnerability

The flaw, tracked as CVE-2020-12182, carries a CVSS score of 9.8, indicating its extremely high severity. It allows threat actors to bypass MFA by manipulating the case-sensitivity of usernames, effectively forcing FortiOS to skip secondary authentication checks under specific configurations. (SC Media)

Security researchers and industry analysts stress that this vulnerability is being actively exploited in the wild, with attackers focusing on exposed Fortinet firewalls and VPN gateways that remain unpatched — often despite years of availability of security updates. (BleepingComputer)

Why This Matters

Fortinet is widely deployed in enterprise and service provider environments to secure perimeter networks, remote access and internal firewalls. When a FortiOS device is compromised:

Adversaries can gain administrative access to network infrastructure.
Compromise can enable lateral movement across a corporate estate.
Sensitive user and system data may be exfiltrated or manipulated.

Unpatched systems — particularly those with remote access services such as SSL VPN enabled — remain at elevated risk. (BleepingComputer)

Industry & Government Recognition

This vulnerability has drawn attention beyond vendor advisories; it is consistently discussed in cybersecurity news and vulnerability tracking services due to its high exploitability and ongoing abuse by attackers. For example, SC Media has highlighted its active exploitation status, noting that authentic OAuth logins may be misused to grant access under false pretenses. (SC Media)

Recommended Actions for Security Teams

To mitigate risk from this and similar legacy vulnerabilities, security teams should take the following actions:

Immediate Patch Deployment
Apply the latest FortiOS patches if not already deployed. Fortinet issued fixes for this flaw in 2020, and updated builds are available. (SC Media)
Review MFA and LDAP Configurations
Assess and correct inconsistent case-sensitivity handling between internal identity sources (like LDAP/AD) and FortiOS to eliminate bypass vectors. (SC Media)
Network Exposure Reduction
Reduce direct internet exposure for Fortinet management interfaces. Place vulnerable services behind secure access proxies or network security monitoring controls.
Continuous Vulnerability Management & Patch Verification
Fortinet products have appeared frequently on the CISA Known Exploited Vulnerabilities (KEV) catalog, underscoring the need for regular patch verification and automated compliance tracking.