Detections
Analytics

CVE-2019-5591

medium

Description

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

References

https://www.sophos.com/en-us/blog/initial-access-techniques-used-by-iran-based-threat-actors

https://securityaffairs.com/186117/security/five-year-old-fortinet-fortios-ssl-vpn-flaw-actively-exploited.html

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.cisa.gov/sites/default/files/publications/AA21-321A-Iranian%20Government-Sponsored%20APT%20Actors%20Exploiting%20Microsoft%20Exchange%20and%20Fortinet%20Vulnerabilities.pdf

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a

https://www.ic3.gov/Media/News/2021/210402.pdf

https://www.tenable.com/blog/frequently-asked-questions-about-iranian-cyber-operations

https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild

https://www.tenable.com/blog/cve-2024-21762-critical-fortinet-fortios-out-of-bound-write-ssl-vpn-vulnerability

https://www.tenable.com/blog/aa22-257a-cybersecurity-joint-advisory-on-iranian-islamic-revolutionary-guard-ransomware

https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns

https://www.tenable.com/blog/cve-2018-13379-cve-2019-5591-cve-2020-12812-fortinet-vulnerabilities-targeted-by-apt-actors

https://www.fortiguard.com/psirt/FG-IR-19-037

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5591

Details

Source: Mitre, NVD

Published: 2020-08-14

Updated: 2025-10-24

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.50553