{"id":174759,"date":"2026-01-05T12:03:00","date_gmt":"2026-01-05T17:03:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/05\/thousands-of-firewalls-at-risk-as-legacy-flaw-in-fortinet-faces-renewed-threat\/"},"modified":"2026-01-05T17:45:12","modified_gmt":"2026-01-05T22:45:12","slug":"thousands-of-firewalls-at-risk-as-legacy-flaw-in-fortinet-faces-renewed-threat","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/05\/thousands-of-firewalls-at-risk-as-legacy-flaw-in-fortinet-faces-renewed-threat\/","title":{"rendered":"Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/thousands-of-firewalls-at-risk-as-legacy-flaw-in-fortinet-under-renewed-thr\/808739\/\">Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/thousands-of-firewalls-at-risk-as-legacy-flaw-in-fortinet-under-renewed-thr\/808739\/\">https:\/\/www.cybersecuritydive.com\/news\/thousands-of-firewalls-at-risk-as-legacy-flaw-in-fortinet-under-renewed-thr\/808739\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-05 12:03:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Researchers warn that thousands of Fortinet instances are at risk of exploitation after the company disclosed that a legacy flaw is under renewed attack.\u00a0<br \/>\nThe vulnerability, tracked as CVE-2020-12812, has been exploited in the wild in recent weeks when operating under certain configurations, according to a blog from Fortinet released on Christmas Eve.\u00a0<br \/>\nThe original flaw related to an improper authentication vulnerability in SSL VPN in FortiOS, which could allow a user to log in without being prompted for a second factor.\u00a0<\/p>\n<p>Under certain configurations, FortiGate can allow Lightweight Directory Access Protocol users to bypass two-factor authentication and instead authenticate against LDAP directly, according to Fortinet. The company said this is due to differences in the behavior of LDAP directories.\u00a0<br \/>\nThe behavior is linked to FortiGate treating usernames as if they are case-sensitive by default when the LDAP directory does the opposite, according to the blog.\u00a0<br \/>\nResearchers at Shadowserver on Friday warned that more than 10,000 Fortinet firewalls remain unpatched, even though the original flaw was disclosed in July 2020.<br \/>\nThe vulnerability has been exploited by a range of actors over the past few years, including ransomware groups tracked as Play and Hive as well as threat actors linked to Iran, according to VulnCheck.\u00a0<br \/>\n\u201cThe vulnerability itself is an improper access control flaw in Fortigate SSL VPNs that allows for initial access to target environments \u2014 always a popular type of vulnerability for attackers,\u201d Caitlin Condon, VP security research at VulnC\/heck told Cybersecurity Dive. \u201cIt&#8217;s disappointing that a five-plus year-old vulnerability is still being leveraged successfully in attacks, but unfortunately, it&#8217;s not terribly surprising.<br \/>\nThe company asked users to get in contact if there is evidence they may have been impacted.<br \/>\nEditor\u2019s note: Adds comment from VulnCheck.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat https:\/\/www.cybersecuritydive.com\/news\/thousands-of-firewalls-at-risk-as-legacy-flaw-in-fortinet-under-renewed-thr\/808739\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":174760,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/rlGPQFfMVCPwWzixUAm1dn2KCiIlN1u4PwoSd8Sc9ig\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMjI0OTY4NDM5LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-174759","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174759"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=174759"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174759\/revisions"}],"predecessor-version":[{"id":174761,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174759\/revisions\/174761"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/174760"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=174759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=174759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=174759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}