Ethical Hacking News
Fortinet firewalls have been exposed to ongoing attacks targeting CVE-2020-12812, which is a critical two-factor authentication bypass vulnerability that was discovered in 2020. Over 10,000 unpatched FortiGate firewalls are still vulnerable to these attacks and are exposed online. In order to protect against such attacks, it's highly recommended for anyone using Fortinet firewalls to patch their systems immediately.
Over 10,000 unpatched FortiGate firewalls are exposed online and vulnerable to attacks using CVE-2020-12812.CISA, FBI, and Arctic Wolf have warned about state-sponsored hacking groups targeting Fortinet FortiOS instances using exploits for multiple vulnerabilities, including one that abuses CVE-2020-12812 to bypass 2FA.Fortinet has released a warning for customers who are using their firewalls and are still vulnerable to CVE-2020-12812 attacks.Experts recommend patching Fortinet firewalls immediately, checking for the latest version of FortiOS, and updating it if necessary to reduce the risk of an attack.
The Fortinet firewalls that are supposed to protect organizations' networks have turned out to be a vulnerability waiting to happen.
Fortinet, the company behind these firewalls, has been warning customers about an ongoing attack targeting vulnerable FortiOS systems using CVE-2020-12812, which was discovered in 2020. This critical two-factor authentication (2FA) bypass vulnerability was patched by Fortinet but its full patching schedule is not yet available to the general public.
Despite this, researchers at Shadowserver have revealed that over 10,000 unpatched FortiGate firewalls are still exposed online and vulnerable to attacks using CVE-2020-12812. This flaw allows attackers to log in to unpatched systems without being prompted for the second factor of authentication (FortiToken) when the username's case is changed.
In addition, CISA and the FBI have warned about state-sponsored hacking groups targeting Fortinet FortiOS instances using exploits for multiple vulnerabilities, including one that abused CVE-2020-12812 to bypass 2FA. Furthermore, cybersecurity company Arctic Wolf has also reported that threat actors are abusing a critical authentication bypass vulnerability (CVE-2025-59718) to hijack admin accounts via malicious single sign-on (SSO) logins.
In order to protect against such attacks, it's highly recommended for anyone using Fortinet firewalls to patch their systems immediately. It would be wise to check if your firewall is still running the latest version of FortiOS and update it to the latest patch if necessary.
This incident highlights the ongoing struggle organizations face in protecting themselves from cyber threats that are continuously evolving at an alarming rate. For more than a decade, cybersecurity experts have been warning about the dangers of these types of attacks but they always seem to find their way into our systems.
Despite these security breaches, organizations can still take steps to protect themselves from such attacks by regularly updating their systems and being aware of any vulnerabilities that may be present in their firewalls. By doing so, you'll significantly reduce the risk of an attack occurring on your system.
In conclusion, this incident is a stark reminder of how vulnerable our systems are when we don't take cybersecurity seriously. To avoid becoming another victim of cyber attacks, it's crucial for everyone to update their systems regularly and implement security patches as soon as they become available.
The world of cybersecurity is constantly changing and evolving at an alarming rate. Therefore, it's essential to stay informed about the latest threats and vulnerabilities in order to protect yourself from them.
In light of this incident, Fortinet has released a warning for customers who are using their firewalls and are still vulnerable to CVE-2020-12812 attacks. The company is urging its users to turn off username-case-sensitivity to block 2FA bypass attempts targeting their devices.
However, it's essential for everyone to take proactive steps in order to protect themselves from cyber threats such as this one. This includes regularly updating your systems, checking for any vulnerabilities that may be present in your firewalls, and implementing security patches as soon as they become available.
In the event of a breach, organizations can report their data loss or theft on the Identity Theft Resource Center website and on the IdentityTheft.gov website. They can also contact Fortinet at (650) 763-8600 to file a complaint.
Related Information:
https://www.ethicalhackingnews.com/articles/Fortinet-Firewalls-Under-Siege-10000-Exposed-to-Ongoing-BlackCat-Ransomware-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/security/over-10-000-fortinet-firewalls-exposed-to-ongoing-2fa-bypass-attacks/
https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html
https://nvd.nist.gov/vuln/detail/CVE-2020-12812
https://www.cvedetails.com/cve/CVE-2020-12812/
https://nvd.nist.gov/vuln/detail/CVE-2025-59718
https://www.cvedetails.com/cve/CVE-2025-59718/
https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/
https://cloud.google.com/security/resources/insights/apt-groups
Published: Fri Jan 2 10:25:14 2026 by llama3.2 3B Q4_K_M
