CVE-2021-22131

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-21-024 Patch Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-024 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortitoken_mobile:0.4.10:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:0.4.20:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.0:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.2:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.2:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.3:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.3:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.4:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.4:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:3.0.5:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.0.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.0.1:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.0.3:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.1.0:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.1.1:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.1.1:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.2.0:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.2.1:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.2.2:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.3.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.3.0:*:*:*:*:ios:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.4.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:4.5.0:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:5.0.2:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:5.0.3:*:*:*:*:android:*:*
cpe:2.3:a:fortinet:fortitoken_mobile:5.2.0:*:*:*:*:ios:*:*

History

21 Nov 2024, 05:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 6.4
References () https://fortiguard.com/advisory/FG-IR-21-024 - Patch, Vendor Advisory () https://fortiguard.com/advisory/FG-IR-21-024 - Patch, Vendor Advisory

Information

Published : 2022-07-18 18:15

Updated : 2024-11-21 05:49


NVD link : CVE-2021-22131

Mitre link : CVE-2021-22131

CVE.ORG link : CVE-2021-22131


JSON object : View

Products Affected

fortinet

  • fortitoken_mobile
CWE
CWE-295

Improper Certificate Validation