CVE-2019-5591

🗓️ 14 Aug 2020 15:28:25Reported by fortinetType

cve🔗 web.nvd.nist.gov📰️ 11 Media mentions👁 1095 Views

A Default Configuration vulnerability in FortiOS allows unauthenticated attacker to intercept sensitive information by impersonating LDAP server

Reporter	Title	Published	Views	Family All 31
GithubExploit	Exploit for Missing Authentication for Critical Function in Fortinet Fortios	16 Oct 202522:18	–	githubexploit
ICS	Top Routinely Exploited Vulnerabilities	20 Aug 202112:00	–	ics
ICS	Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities	19 Nov 202112:00	–	ics
ICS	Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations	14 Sep 202212:00	–	ics
ATTACKERKB	CVE-2018-13379 Path Traversal in Fortinet FortiOS	4 Jun 201900:00	–	attackerkb
ATTACKERKB	CVE-2019-5591	14 Aug 202000:00	–	attackerkb
BDU FSTEC	The vulnerability of the FortiOS operating system, related to authentication errors, allows a perpetrator to gain unauthorized access to protected information.	17 Dec 201900:00	–	bdu_fstec
Circl	CVE-2019-5591	14 Aug 202020:55	–	circl
CISA KEV Catalog	Fortinet FortiOS Default Configuration Vulnerability	3 Nov 202100:00	–	cisa_kev
CISA	FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities	2 Apr 202100:00	–	cisa

NVD

Node

fortinet fortiosRange≤6.2.0

[
  {
    "product": "Fortinet FortiOS",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiOS 6.2.0 and below."
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/psirt/FG-IR-19-037
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

17 Jun 2026 02:37Current

7.8High risk

Vulners AI Score7.8

CVSS 23.3

CVSS 3.16.5

EPSS0.18566

SSVC