A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-21-024 | Patch Vendor Advisory |
https://fortiguard.com/advisory/FG-IR-21-024 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.4 |
References | () https://fortiguard.com/advisory/FG-IR-21-024 - Patch, Vendor Advisory |
Information
Published : 2022-07-18 18:15
Updated : 2024-11-21 05:49
NVD link : CVE-2021-22131
Mitre link : CVE-2021-22131
CVE.ORG link : CVE-2021-22131
JSON object : View
Products Affected
fortinet
- fortitoken_mobile
CWE
CWE-295
Improper Certificate Validation