CVEPublished 2020-08-141 article on news7 live referencesNVD data

CVE-2019-5591

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.
CISA action: Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.
CVSS v3.1
6.5
MEDIUM
EPSS percentile
97
Exploit Prediction Scoring System · top 3% of all CVEs
Description

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

Timeline
Published 2020-08-14

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common). Live host counts are a Premium feature.

More intel sources (5)

Known PoCs on GitHub (5)