CVE-2019-5591 – Fortinet / FortiOS – Missing authentication for critical function

CVE-2019-5591 is a missing authentication for critical function vulnerability impacting Fortinet FortiOS versions 6.2.0 and earlier. A proof of concept (PoC) was not observed publicly or in the underground. Security researchers at the Cybersecurity and Infrastructure Security Agency (CISA) and other organisations claimed the vulnerability was actively exploited in the wild to compromise unpatched systems.

PoC Links (if available):

CISA: Top Routinely Exploited Vulnerabilities –
https://us-cert.cisa.gov/ncas/alerts/aa21-209a

Known Counter Measures:

Fortinet addressed the vulnerability with an updated FortiOS version, announced in a security advisory.

Links to patches (if available):

https://www.fortiguard.com/psirt/FG-IR-19-037