CVE-2021-22131
Summary
| CVE | CVE-2021-22131 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-18 18:15:00 UTC |
| Updated | 2022-07-25 15:12:00 UTC |
| Description | A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks. |
Risk And Classification
Problem Types: CWE-295
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fortinet | Fortitoken Mobile | 0.4.10 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 0.4.20 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.1 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.1 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.1 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.2 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.2 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.3 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.3 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.4 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.4 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 3.0.5 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.0.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.0.1 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.0.3 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.1.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.1.1 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.1.1 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.2.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.2.1 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.2.2 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.3.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.3.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.4.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 4.5.0 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 5.0.2 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 5.0.3 | All | All | All |
| Application | Fortinet | Fortitoken Mobile | 5.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PSIRT Advisories | FortiGuard | CONFIRM | fortiguard.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.