CVE-2019-5591

Warnung

EPSS 2.56%
Veröffentlicht 14.08.2020 16:15:16
Zuletzt bearbeitet 06.02.2025 16:07:11
Quelle psirt@fortinet.com
Teams Watchlist Login
Unerledigt Login

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Fortios Version <= 6.2.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Fortinet FortiOS Default Configuration Vulnerability

Schwachstelle

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.56%	0.85

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.fortiguard.com/psirt/FG-IR-19-037

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2019-5591

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5591

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5591

EUVD