← Back

CVE-2021-22131

nvd nist
Published: Jul 18, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Exploitability: 1.2 / Impact: 4.2
Source: NVD

Description

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

Affected (30)

Fortinet
1 product
Fortitoken Mobile
Configuration A
30 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortitoken Mobile
Version 0.4.10
Fortitoken Mobile
Version 0.4.20
Fortitoken Mobile
Version 3.0.0
Fortitoken Mobile
Version 3.0.0
Fortitoken Mobile
Version 3.0.1
Fortitoken Mobile
Version 3.0.1
Fortitoken Mobile
Version 3.0.1
Fortitoken Mobile
Version 3.0.2
Fortitoken Mobile
Version 3.0.2
Fortitoken Mobile
Version 3.0.3
Fortitoken Mobile
Version 3.0.3
Fortitoken Mobile
Version 3.0.4
Fortitoken Mobile
Version 3.0.4
Fortitoken Mobile
Version 3.0.5
Fortitoken Mobile
Version 4.0.0
Fortitoken Mobile
Version 4.0.1
Fortitoken Mobile
Version 4.0.3
Fortitoken Mobile
Version 4.1.0
Fortitoken Mobile
Version 4.1.1
Fortitoken Mobile
Version 4.1.1
Fortitoken Mobile
Version 4.2.0
Fortitoken Mobile
Version 4.2.1
Fortitoken Mobile
Version 4.2.2
Fortitoken Mobile
Version 4.3.0
Fortitoken Mobile
Version 4.3.0
Fortitoken Mobile
Version 4.4.0
Fortitoken Mobile
Version 4.5.0
Fortitoken Mobile
Version 5.0.2
Fortitoken Mobile
Version 5.0.3
Fortitoken Mobile
Version 5.2.0

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (2)

Source: psirt@fortinet.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.