CVE-2019-5591

Known Exploited (CISA KEV)MEDIUM

6.5

CVSS Severity Score

EPSS Score48.1770%

EPSS Percentile94.92th

PublishedAug 14, 2020

Last ModifiedOct 24, 2025

Vulnerability Description

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

Affected Platforms (CPE)

💻

Fortinet

Fortios

<= 6.2.0

References & Advisories

🔗 https://www.fortiguard.com/psirt/FG-IR-19-037

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5591

Related Vulnerabilities

CVE-2005-305710.0

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers ...

CVE-2025-597189.8

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7....

CVE-2018-13529.8

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH usern...

CVE-2020-128129.8

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being a...