CVE-2021-22131

{"id": "CVE-2021-22131", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.2}]}, "published": "2022-07-18T18:15:08.620", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-21-024", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/advisory/FG-IR-21-024", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks."}, {"lang": "es", "value": "Una comprobaci\u00f3n incorrecta del certificado con desajuste de host en Fortinet FortiTokenAndroid versi\u00f3n 5.0.3 y posteriores, Fortinet FortiTokeniOS versi\u00f3n 5.2.0 y posteriores, Fortinet FortiTokenWinApp versi\u00f3n 4.0.3 y posteriores permite a un atacante recuperar informaci\u00f3n divulgada por medio de ataques de tipo man-in-the-middle"}], "lastModified": "2024-11-21T05:49:33.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:0.4.10:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "78409CFC-A286-4BC2-A6CC-3AA0713B5B95"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:0.4.20:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "8607115D-DF4D-4FF8-892E-5F249E8DBD49"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "B9C01846-DEC3-4D82-9CF8-7A7F30E3D24E"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "6BE8D5E7-54A6-41F8-AEE5-4B5494F526E5"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "78A9D2E4-C44A-4E2D-8653-34125C60D36D"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "646EA1B7-DC75-48C9-9253-4C2A73EBAB4D"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "EFBCBD58-7F9F-4972-B283-843A341BF3D3"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.2:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "745A6368-1A53-4CE7-9FC0-D7691841A5A8"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.2:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "66F1224F-B105-421E-B8A4-1ADB4E6D6C97"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.3:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "4F8B1290-410C-4DF8-8F32-D7606D6ED70C"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.3:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "F12596B9-1FD1-4DEE-B914-3BE4AB0D4954"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.4:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "A91D1B9C-1E80-4F1F-9C87-B2F8BBC238CC"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.4:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "DB309927-9668-485A-B103-4B49B158F9FF"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.5:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "E6C89656-4142-459C-A7D0-1AD56D8912DB"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.0.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "3955B1D6-2A19-4233-B4D9-8B4164953FC5"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.0.1:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "C73200A0-7927-4BB7-BFC3-F3096A36C885"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.0.3:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "64352CBC-EE83-41E0-AA38-63F1BE9C6BFC"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.1.0:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "359238E3-41BD-4CF1-8DBE-D870AC8B957C"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.1.1:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "13450557-F714-440B-ACE4-16CB73FE0671"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.1.1:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "0FBE4948-CC88-48EA-AA98-7FFA6CB64620"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.2.0:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "081B181E-C83F-43B1-B403-66F39E9F19B9"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.2.1:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "9136197A-B12B-4CAF-9E29-4C5FE449CA4E"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.2.2:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "4C141581-C3A0-40AD-9653-09A807DAD6CA"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.3.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "F15B4E41-3064-4EC5-8E7B-28E3C1F0C2D0"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.3.0:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "0A1901AC-78BB-488A-85E0-DF7596018CAA"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.4.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "469E9D0A-A62D-4827-9CCC-273E8DBDF803"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.5.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "94A1FD51-E7EB-46B0-876F-FC4DBCD9F067"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:5.0.2:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "C7D9D6C0-3BEE-4AA7-89F0-3F403BE9899F"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:5.0.3:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "D5AD4616-8E63-4454-B443-F25226796FDA"}, {"criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:5.2.0:*:*:*:*:ios:*:*", "vulnerable": true, "matchCriteriaId": "B395A92E-6FE3-42E1-97F3-3FB6FB1C2AF9"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}