ID

VAR-202008-0193


CVE

CVE-2019-5591


TITLE

FortiOS Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015828

DESCRIPTION

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. FortiOS There is an information leakage vulnerability in.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A security vulnerability exists in Fortinet FortiOS 6.2.0 and earlier versions

Trust: 1.8

sources: NVD: CVE-2019-5591 // JVNDB: JVNDB-2019-015828 // VULHUB: VHN-157026 // VULMON: CVE-2019-5591

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:lteversion:6.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-015828 // NVD: CVE-2019-5591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5591
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2019-5591
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015828
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1385
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157026
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-5591
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-5591
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015828
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-157026
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5591
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015828
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157026 // VULMON: CVE-2019-5591 // JVNDB: JVNDB-2019-015828 // CNNVD: CNNVD-201907-1385 // NVD: CVE-2019-5591 // NVD: CVE-2019-5591

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-157026 // JVNDB: JVNDB-2019-015828 // NVD: CVE-2019-5591

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1385

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201907-1385

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015828

PATCH

title:FG-IR-19-037url:https://www.fortiguard.com/psirt/FG-IR-19-037

Trust: 0.8

title:Fortinet FortiGate Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95525

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2021/04/06/in_brief_security/

Trust: 0.2

title:CVE-2018-13379-CVE-2020-12812-CVE-2019-5591url:https://github.com/Exploitspacks/CVE-2018-13379-CVE-2020-12812-CVE-2019-5591

Trust: 0.1

title: - url:https://github.com/triw0lf/Security-Matters-22

Trust: 0.1

title:supplierurl:https://github.com/r0eXpeR/supplier

Trust: 0.1

title:CVE-Flowurl:https://github.com/404notf0und/CVE-Flow

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/fbi-apt-hackers-breached-us-local-govt-by-exploiting-fortinet-bugs/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/new-cring-ransomware-hits-unpatched-fortinet-vpn-devices/

Trust: 0.1

title:Threatposturl:https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/

Trust: 0.1

sources: VULMON: CVE-2019-5591 // JVNDB: JVNDB-2019-015828 // CNNVD: CNNVD-201907-1385

EXTERNAL IDS

db:NVDid:CVE-2019-5591

Trust: 2.6

db:JVNDBid:JVNDB-2019-015828

Trust: 0.8

db:CNNVDid:CNNVD-201907-1385

Trust: 0.7

db:AUSCERTid:ESB-2019.2820

Trust: 0.6

db:VULHUBid:VHN-157026

Trust: 0.1

db:VULMONid:CVE-2019-5591

Trust: 0.1

sources: VULHUB: VHN-157026 // VULMON: CVE-2019-5591 // JVNDB: JVNDB-2019-015828 // CNNVD: CNNVD-201907-1385 // NVD: CVE-2019-5591

REFERENCES

url:https://www.fortiguard.com/psirt/fg-ir-19-037

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-5591

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5591

Trust: 0.8

url:https://fortiguard.com/advisory/fg-ir-19-037

Trust: 0.6

url:https://fortiguard.com/psirt/fg-ir-19-037

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortigate-privilege-escalation-via-unverified-ldap-server-identity-29893

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2820/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/exploitspacks/cve-2018-13379-cve-2020-12812-cve-2019-5591

Trust: 0.1

url:https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/

Trust: 0.1

sources: VULHUB: VHN-157026 // VULMON: CVE-2019-5591 // JVNDB: JVNDB-2019-015828 // CNNVD: CNNVD-201907-1385 // NVD: CVE-2019-5591

CREDITS

James Renken from the Internet Security Research Group and Florian Thiele

Trust: 0.6

sources: CNNVD: CNNVD-201907-1385

SOURCES

db:VULHUBid:VHN-157026
db:VULMONid:CVE-2019-5591
db:JVNDBid:JVNDB-2019-015828
db:CNNVDid:CNNVD-201907-1385
db:NVDid:CVE-2019-5591

LAST UPDATE DATE

2024-10-24T22:39:29.514000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-157026date:2020-08-20T00:00:00
db:VULMONid:CVE-2019-5591date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-015828date:2020-11-17T08:12:47
db:CNNVDid:CNNVD-201907-1385date:2021-04-13T00:00:00
db:NVDid:CVE-2019-5591date:2024-10-24T13:55:59.167

SOURCES RELEASE DATE

db:VULHUBid:VHN-157026date:2020-08-14T00:00:00
db:VULMONid:CVE-2019-5591date:2020-08-14T00:00:00
db:JVNDBid:JVNDB-2019-015828date:2020-11-17T08:12:47
db:CNNVDid:CNNVD-201907-1385date:2019-07-26T00:00:00
db:NVDid:CVE-2019-5591date:2020-08-14T16:15:16.070