CVE-2019-5591

Warnung

EPSS 2.7%
Veröffentlicht 14.08.2020 16:15:16
Zuletzt bearbeitet 24.10.2025 12:54:02
Quelle psirt@fortinet.com
CVE-Watchlists
Login
Unerledigt
Login

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Fortios Version <= 6.2.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Fortinet FortiOS Default Configuration Vulnerability

Schwachstelle

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.7%	0.854

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.fortiguard.com/psirt/FG-IR-19-037

Vendor Advisory

Mitigation

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5591

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-5591

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5591

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5591

EUVD