CVE-2021-22131

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-21-024 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortitoken_mobile:0.4.10:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:0.4.20:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.0:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.2:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.2:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.3:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.3:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.4:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.4:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.5:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.0.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.0.1:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.0.3:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.1.0:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.1.1:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.1.1:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.2.0:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.2.1:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.2.2:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.3.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.3.0:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.4.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.5.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:5.0.2:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:5.0.3:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:5.2.0:*:*:*:*:ios:*:*

History

No history.

Information

Published : 2022-07-18 18:15

Updated : 2024-02-28 19:29


NVD link : CVE-2021-22131

Mitre link : CVE-2021-22131

CVE.ORG link : CVE-2021-22131


JSON object : View

Products Affected

fortinet

  • fortitoken_mobile
CWE
CWE-295

Improper Certificate Validation