CVE-2019-5591

Warning

EPSS 2.56%
Published 14.08.2020 16:15:16
Last modified 06.02.2025 16:07:11
Source psirt@fortinet.com
Teams watchlist Login
Open Login

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

Affected products Warnungen 1 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Fortinet ≫ Fortios Version <= 6.2.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Fortinet FortiOS Default Configuration Vulnerability

Vulnerability

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.56%	0.85

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.fortiguard.com/psirt/FG-IR-19-037

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2019-5591

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5591

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5591

EUVD