Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22131

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

Published

2022-07-18T18:15:08.620

Last Modified

2024-11-21T05:49:33.903

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortitoken_mobile	0.4.10	Yes
Application	fortinet	fortitoken_mobile	0.4.20	Yes
Application	fortinet	fortitoken_mobile	3.0.0	Yes
Application	fortinet	fortitoken_mobile	3.0.0	Yes
Application	fortinet	fortitoken_mobile	3.0.1	Yes
Application	fortinet	fortitoken_mobile	3.0.1	Yes
Application	fortinet	fortitoken_mobile	3.0.1	Yes
Application	fortinet	fortitoken_mobile	3.0.2	Yes
Application	fortinet	fortitoken_mobile	3.0.2	Yes
Application	fortinet	fortitoken_mobile	3.0.3	Yes
Application	fortinet	fortitoken_mobile	3.0.3	Yes
Application	fortinet	fortitoken_mobile	3.0.4	Yes
Application	fortinet	fortitoken_mobile	3.0.4	Yes
Application	fortinet	fortitoken_mobile	3.0.5	Yes
Application	fortinet	fortitoken_mobile	4.0.0	Yes
Application	fortinet	fortitoken_mobile	4.0.1	Yes
Application	fortinet	fortitoken_mobile	4.0.3	Yes
Application	fortinet	fortitoken_mobile	4.1.0	Yes
Application	fortinet	fortitoken_mobile	4.1.1	Yes
Application	fortinet	fortitoken_mobile	4.1.1	Yes
Application	fortinet	fortitoken_mobile	4.2.0	Yes
Application	fortinet	fortitoken_mobile	4.2.1	Yes
Application	fortinet	fortitoken_mobile	4.2.2	Yes
Application	fortinet	fortitoken_mobile	4.3.0	Yes
Application	fortinet	fortitoken_mobile	4.3.0	Yes
Application	fortinet	fortitoken_mobile	4.4.0	Yes
Application	fortinet	fortitoken_mobile	4.5.0	Yes
Application	fortinet	fortitoken_mobile	5.0.2	Yes
Application	fortinet	fortitoken_mobile	5.0.3	Yes
Application	fortinet	fortitoken_mobile	5.2.0	Yes

References

https://fortiguard.com/advisory/FG-IR-21-024 Patch, Vendor Advisory ([email protected])
https://fortiguard.com/advisory/FG-IR-21-024 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)