CVE-2019-5591

CVE Database · CVE-2019-5591

CVE-2019-5591

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

18.57%

Published

Aug 14, 2020

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCayewo/fortios-ldap-mitm-poc-CVE-2019-5591★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-306CWE-306

Affected Products (1)

fortinet · fortiosvulnerable

References (3)

https://www.fortiguard.com/psirt/FG-IR-19-037

MitigationVendor Advisory

https://www.fortiguard.com/psirt/FG-IR-19-037

MitigationVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5591

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs