CVE-2021-22131

Published Jul 18, 2022

Last updated 2 years ago

CVSS medium 5.4

Overview

Description: A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.
Source: psirt@fortinet.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 4.2
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:0.4.10:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78409CFC-A286-4BC2-A6CC-3AA0713B5B95"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:0.4.20:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8607115D-DF4D-4FF8-892E-5F249E8DBD49"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.0:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9C01846-DEC3-4D82-9CF8-7A7F30E3D24E"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.0:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BE8D5E7-54A6-41F8-AEE5-4B5494F526E5"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78A9D2E4-C44A-4E2D-8653-34125C60D36D"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "646EA1B7-DC75-48C9-9253-4C2A73EBAB4D"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFBCBD58-7F9F-4972-B283-843A341BF3D3"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.2:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "745A6368-1A53-4CE7-9FC0-D7691841A5A8"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.2:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66F1224F-B105-421E-B8A4-1ADB4E6D6C97"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.3:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F8B1290-410C-4DF8-8F32-D7606D6ED70C"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.3:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F12596B9-1FD1-4DEE-B914-3BE4AB0D4954"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.4:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A91D1B9C-1E80-4F1F-9C87-B2F8BBC238CC"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.4:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB309927-9668-485A-B103-4B49B158F9FF"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:3.0.5:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6C89656-4142-459C-A7D0-1AD56D8912DB"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.0.0:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3955B1D6-2A19-4233-B4D9-8B4164953FC5"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.0.1:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C73200A0-7927-4BB7-BFC3-F3096A36C885"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.0.3:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64352CBC-EE83-41E0-AA38-63F1BE9C6BFC"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.1.0:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "359238E3-41BD-4CF1-8DBE-D870AC8B957C"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.1.1:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13450557-F714-440B-ACE4-16CB73FE0671"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.1.1:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FBE4948-CC88-48EA-AA98-7FFA6CB64620"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.2.0:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "081B181E-C83F-43B1-B403-66F39E9F19B9"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.2.1:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9136197A-B12B-4CAF-9E29-4C5FE449CA4E"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.2.2:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C141581-C3A0-40AD-9653-09A807DAD6CA"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.3.0:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F15B4E41-3064-4EC5-8E7B-28E3C1F0C2D0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.3.0:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A1901AC-78BB-488A-85E0-DF7596018CAA"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.4.0:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "469E9D0A-A62D-4827-9CCC-273E8DBDF803"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:4.5.0:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94A1FD51-E7EB-46B0-876F-FC4DBCD9F067"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:5.0.2:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7D9D6C0-3BEE-4AA7-89F0-3F403BE9899F"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:5.0.3:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5AD4616-8E63-4454-B443-F25226796FDA"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortitoken_mobile:5.2.0:*:*:*:*:ios:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B395A92E-6FE3-42E1-97F3-3FB6FB1C2AF9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References