CVE-2019-5591
Published: 14 August 2020
Summary
CVE-2019-5591 is a medium-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Fortinet FortiOS. Its CVSS base score is 6.5 (Medium).
Operationally, this CVE is ranked in the top 2.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-9 (Service Identification and Authentication) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2019-5591 is a default configuration vulnerability affecting FortiOS that stems from missing authentication for a critical function (CWE-306). It enables an attacker to impersonate an LDAP server and thereby expose sensitive information exchanged during authentication or directory lookups.
An unauthenticated attacker positioned on the same local subnet can exploit the issue with low attack complexity. Successful exploitation allows interception of sensitive data, corresponding to the CVSS 6.5 rating that reflects adjacent-network access and high confidentiality impact without requiring privileges or user interaction.
The FortiGuard advisory FG-IR-19-037 addresses the issue, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities, indicating confirmed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-15166
Vulnerability details
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
- CWE(s): CWE-306 (Missing Authentication for Critical Function)
- KEV date added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- IA-9 (Service Identification and Authentication): requires identification and authentication of services such as the LDAP server, directly blocking unauthenticated impersonation on the local subnet.
- SC-8 (Transmission Confidentiality and Integrity): mandates cryptographic protection of LDAP traffic confidentiality and integrity, preventing interception of sensitive authentication data.
- Enforces authentication and access decisions before allowing LDAP directory lookups or credential exchange.
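As an added illustration that is not part of this page or the Fortinet advisory, the FortiOS `config user ldap` fragment below shows the weak cleartext binding beside a hardened LDAPS setting; the object name, server address, bind DN and CA certificate name are constructed samples, and the option names are assumed from the FortiOS CLI rather than taken from the advisory.

```text
# --- Weak: cleartext LDAP, no server identity verification (constructed sample) ---
# Any host on the adjacent subnet that answers on 10.0.0.5:389 can pose as the
# directory and read the bind credentials and lookups (the CWE-306 condition).
config user ldap
    edit "corp-ldap"
        set server "10.0.0.5"                 # constructed sample address
        set port 389                          # plaintext LDAP
        set secure disable                    # no TLS on the wire
        set server-identity-check disable     # server certificate not verified
        set cnid "sAMAccountName"
        set dn "dc=example,dc=local"          # constructed sample base DN
        set type regular
        set username "cn=svc-bind,cn=users,dc=example,dc=local"
    next
end

# --- Hardened: LDAPS with certificate-based server authentication (constructed sample) ---
# Maps to SC-8 (traffic encrypted) and IA-9 (FortiOS authenticates the LDAP server
# by validating its certificate chain and name before sending any credentials).
config user ldap
    edit "corp-ldap"
        set server "ldap.example.local"       # name must match the server certificate
        set port 636
        set secure ldaps                      # TLS from the first byte
        set ca-cert "Corp-Root-CA"            # constructed CA name; the issuer of the LDAP cert
        set server-identity-check enable      # reject any server whose cert does not match
        set cnid "sAMAccountName"
        set dn "dc=example,dc=local"
        set type regular
        set username "cn=svc-bind,cn=users,dc=example,dc=local"
    next
end
```

After applying the hardened form, confirm that the CA object named in `ca-cert` is actually imported on the unit and that the server hostname resolves to the intended directory host, otherwise binds fail closed rather than silently falling back to plaintext.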