PT-2022-9230 · Fortinet · Fortitokenandroid+2

Published: 2022-07-18 · Updated: 2022-07-25

CVE-2021-22131

CVSS v3.1: 6.4 (Medium)
Vector: AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiTokenAndroid versions 5.0.3 and below
Fortinet FortiTokeniOS versions 5.2.0 and below
Fortinet FortiTokenWinApp versions 4.0.3 and below

Description

The affected applications improperly validate certificates with host mismatch, allowing an attacker to retrieve information via man-in-the-middle attacks.

Recommendations

For Fortinet FortiTokenAndroid versions 5.0.3 and below, update to a version above 5.0.3.
For Fortinet FortiTokeniOS versions 5.2.0 and below, update to a version above 5.2.0.
For Fortinet FortiTokenWinApp versions 4.0.3 and below, update to a version above 4.0.3.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2021-22131

Affected Products

Fortitokenandroid
Fortitokenwinapp
Fortitokenios