CVE-2021-22131 MEDIUM

Vendor Fortinet
Product Fortinet FortiTokenAndroid, Fortinet FortiTokeniOS, Fortinet FortiTokenWinApp
Published July 18, 2022
Last update October 22, 2024

CVSS base score

6.4/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RL:X/RC:C

What the vulnerability does

01 Description

An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, and Fortinet FortiTokenWinApp version 4.0.3 and below allows an attacker to retrieve information disclosed via man-in-the-middle attacks.

Key dates

02 Disclosure timeline

July 18, 2022 CVE published
October 22, 2024 Record updated