CVE-2019-5591

MEDIUM KEV RANSOMWARE NUCLEI

Fortinet Fortios < 6.2.0 - Missing Authentication

Title source: rule

Description

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

Exploits (1)

nomisec WORKING POC

by ayewo · poc

https://github.com/ayewo/fortios-ldap-mitm-poc-CVE-2019-5591

View Code ZIP pw:eip

Nuclei Templates (1)

FortiOS - Insecure LDAP Configuration Detection

MEDIUMby ayewo

Shodan: cpe:"cpe:2.3:o:fortinet:fortios"

References (2)

[Mitigation, Vendor Advisory] https://www.fortiguard.com/psirt/FG-IR-19-037

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5591

Scores

CVSS v3 6.5

EPSS 0.4836

EPSS Percentile 97.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-04-02

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-15166

Ransomware Use Confirmed

CWE

CWE-306

Status published

Products (1)

fortinet/fortios < 6.2.0

Published Aug 14, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026