CISA Known Exploited Vulnerability

CVE-2019-5591

Fortinet · FortiOS

Fortinet FortiOS Default Configuration Vulnerability

Date added 2021-11-03

BOD 22-01 due date 2022-05-03

CWE CWE-306

Ransomware Unknown

CISA description

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2019-5591

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2019-5591
CVE.org · CVE-2019-5591
CISA KEV catalog (canonical)