Fortinet : Security Vulnerabilities, CVEs, Published In 2020 (Gain Privilege)
CVE-2020-12812
Known exploited
Used for ransomware
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Max CVSS
9.8
EPSS Score
2.92%
Published
2020-07-24
Updated
2024-02-13
CISA KEV Added
2021-11-03
CVE-2020-9294
Public exploit
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
Max CVSS
9.8
EPSS Score
2.10%
Published
2020-04-27
Updated
2024-01-18
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.
Max CVSS
7.1
EPSS Score
0.04%
Published
2020-02-07
Updated
2020-08-24
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.
Max CVSS
7.8
EPSS Score
0.05%
Published
2020-02-06
Updated
2020-08-24
4 vulnerabilities found