fortinet fortios CVE-2019-5591 is a vulnerability in Fortinet FortiOS
Published on August 14, 2020

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Fortinet FortiOS Default Configuration Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.


Products Associated with CVE-2019-5591

You can be notified by stack.watch whenever vulnerabilities like CVE-2019-5591 are published in these products:

 

What versions of FortiOS are vulnerable to CVE-2019-5591?