CVE-2019-5591

ENISA EUVD: EUVD-2019-15166 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 · 4 articles · Published: 2020-08-14

EPSS Score

Source: FIRST.org · 2026-05-23
This CVE has a 50.55% probability of being exploited in the next 30 days.
Top 97.9th percentile of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
Score: 6.5 (MEDIUM)
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2 (legacy)

Score: 3.3 (LOW)
Access Vector: Adjacent Network
Access Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: None
Availability: None
Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Description

VulnerabilityLookup (CNA)
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

Affected Products

Fortinet
Fortinet FortiOS
FortiOS 6.2.0 and below.

Attack Intelligence

Exploits & PoC

ayewo/fortios-ldap-mitm-poc-CVE-2019-5591

The default configuration of LDAP on FortiOS v6.0.x to v6.2.0 does not check server identity for LDAP/S leading to MITM attacks. This PoC demos full e

1 2025-10-17
1 repo

Signal Intelligence

Confidence: 75%
EPSS: 50.55%
CVSS v3.1: 6.5
Mentions: 4
Last Seen: Aug 17, 2021

CNA Information

CNA Assigner: fortinet

Analyst Note

BleepingComputer article explicitly labels CVE-2019-5591 as a 'zero-day allowing remote server takeover' with Fortinet delays in patching. TheHackerNews confirms an unpatched OS command injection in FortiWeb. The 2019 CVE year combined with contemporary reporting of active exploitation and delayed patches supports zero-day classification.

Threat Actors 4

Lazarus Group: apt_group · Information theft and espionage · 🇰🇵 KP
APT 29: apt_group · Information theft and espionage · 🇷🇺 RU
CHRYSENE: apt_group · Information theft and espionage · 🇮🇷 IR
APT42: apt_group · Information theft and espionage · 🇮🇷 IR

Triage Info

Decided at: Mar 20, 2026
Published Date: Aug 14, 2020