Sign-up

ID

VAR-202008-0193


CVE

CVE-2019-5591


TITLE

FortiOS Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015828

DESCRIPTION

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. FortiOS There is an information leakage vulnerability in.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A security vulnerability exists in Fortinet FortiOS 6.2.0 and earlier versions

Trust: 1.8

sources: NVD: CVE-2019-5591 // JVNDB: JVNDB-2019-015828 // VULHUB: VHN-157026 // VULMON: CVE-2019-5591

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:lteversion:6.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-015828 // NVD: CVE-2019-5591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5591
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015828
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1385
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157026
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-5591
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-5591
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015828
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-157026
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5591
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015828
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157026 // VULMON: CVE-2019-5591 // JVNDB: JVNDB-2019-015828 // CNNVD: CNNVD-201907-1385 // NVD: CVE-2019-5591

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-157026 // JVNDB: JVNDB-2019-015828 // NVD: CVE-2019-5591

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1385

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201907-1385

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015828

PATCH
title:FG-IR-19-037url:https://www.fortiguard.com/psirt/FG-IR-19-037
Trust: 0.8
title:Fortinet FortiGate Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95525
Trust: 0.6
title:The Registerurl:https://www.theregister.co.uk/2021/04/06/in_brief_security/
Trust: 0.2
title:CVE-2018-13379-CVE-2020-12812-CVE-2019-5591url:https://github.com/Exploitspacks/CVE-2018-13379-CVE-2020-12812-CVE-2019-5591 
Trust: 0.1
title: - url:https://github.com/triw0lf/Security-Matters-22 
Trust: 0.1
title:supplierurl:https://github.com/r0eXpeR/supplier 
Trust: 0.1
title:CVE-Flowurl:https://github.com/404notf0und/CVE-Flow 
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/fbi-apt-hackers-breached-us-local-govt-by-exploiting-fortinet-bugs/
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/new-cring-ransomware-hits-unpatched-fortinet-vpn-devices/
Trust: 0.1
title:Threatposturl:https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-5591 // 
            
            
            
            JVNDB: JVNDB-2019-015828 // 
            
            
            
            CNNVD: CNNVD-201907-1385

EXTERNAL IDS
db:NVDid:CVE-2019-5591
Trust: 2.6
db:JVNDBid:JVNDB-2019-015828
Trust: 0.8
db:CNNVDid:CNNVD-201907-1385
Trust: 0.7
db:AUSCERTid:ESB-2019.2820
Trust: 0.6
db:VULHUBid:VHN-157026
Trust: 0.1
db:VULMONid:CVE-2019-5591
Trust: 0.1
sources:
            
            
            VULHUB: VHN-157026 // 
            
            
            
            VULMON: CVE-2019-5591 // 
            
            
            
            JVNDB: JVNDB-2019-015828 // 
            
            
            
            CNNVD: CNNVD-201907-1385 // 
            
            
            
            NVD: CVE-2019-5591

REFERENCES
url:https://www.fortiguard.com/psirt/fg-ir-19-037
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-5591
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5591
Trust: 0.8
url:https://fortiguard.com/advisory/fg-ir-19-037
Trust: 0.6
url:https://fortiguard.com/psirt/fg-ir-19-037
Trust: 0.6
url:https://vigilance.fr/vulnerability/fortigate-privilege-escalation-via-unverified-ldap-server-identity-29893
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2820/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/exploitspacks/cve-2018-13379-cve-2020-12812-cve-2019-5591
Trust: 0.1
url:https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-157026 // 
            
            
            
            VULMON: CVE-2019-5591 // 
            
            
            
            JVNDB: JVNDB-2019-015828 // 
            
            
            
            CNNVD: CNNVD-201907-1385 // 
            
            
            
            NVD: CVE-2019-5591

CREDITS
James Renken from the Internet Security Research Group and Florian Thiele
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201907-1385

SOURCES
db:VULHUBid:VHN-157026
db:VULMONid:CVE-2019-5591
db:JVNDBid:JVNDB-2019-015828
db:CNNVDid:CNNVD-201907-1385
db:NVDid:CVE-2019-5591

LAST UPDATE DATE
2024-08-14T15:07:09.262000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-157026date:2020-08-20T00:00:00
db:VULMONid:CVE-2019-5591date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-015828date:2020-11-17T08:12:47
db:CNNVDid:CNNVD-201907-1385date:2021-04-13T00:00:00
db:NVDid:CVE-2019-5591date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE
db:VULHUBid:VHN-157026date:2020-08-14T00:00:00
db:VULMONid:CVE-2019-5591date:2020-08-14T00:00:00
db:JVNDBid:JVNDB-2019-015828date:2020-11-17T08:12:47
db:CNNVDid:CNNVD-201907-1385date:2019-07-26T00:00:00
db:NVDid:CVE-2019-5591date:2020-08-14T16:15:16.070