Lucene search

FortinetCVELIST:CVE-2021-22131

HistoryJul 18, 2022 - 4:35 p.m.

CVE-2021-22131

2022-07-1816:35:56

fortinet

www.cve.org

cve-2021-22131

fortinet

fortitoken

certificate validation

man-in-the-middle

CVSS3

6.4

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RC:C

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

CNA Affected

[
  {
    "product": "Fortinet FortiTokenAndroid, Fortinet FortiTokeniOS, Fortinet FortiTokenWinApp",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiTokenAndroid 5.0.3, 5.0.2, 4.5.0, 4.4.0, 4.3.0, 4.2.2, 4.2.1, 4.1.1, 4.0.1, 4.0.0, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 0.4.20, 0.4.10, FortiTokeniOS 5.2.0, 4.3.0, 4.2.0, 4.1.1, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1,  FortiTokenWinApp 4.0.3, 3.0.1, 3.0.0"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-024

CVSS3

6.4

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RC:C

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON

Related for CVELIST:CVE-2021-22131