Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Over 10,000 Fortinet firewalls remain exposed online and vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability (CVE-2020-12812). Fortinet released patches in July 2020, but many firewalls remain unpatched, particularly those requiring LDAP to be enabled. Internet security watchdog Shadowserver tracks over 10,000 vulnerable firewalls, with over 1,300 in the U.S. CISA and the FBI warned in April 2021 that state-sponsored hacking groups were exploiting this vulnerability, and CISA added it to its list of known exploited vulnerabilities in November 2021.