fortinet fortitoken-mobile CVE-2021-22131 is a vulnerability in Fortinet Fortitoken Mobile
Published on July 18, 2022

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
HIGH

Products Associated with CVE-2021-22131

Want to know whenever a new CVE is published for Fortinet Fortitoken Mobile? stack.watch will email you.

Fortinet Fortitoken Mobile
 

Affected Versions

Fortinet FortiTokenAndroid, Fortinet FortiTokeniOS, Fortinet FortiTokenWinApp Version FortiTokenAndroid 5.0.3, 5.0.2, 4.5.0, 4.4.0, 4.3.0, 4.2.2, 4.2.1, 4.1.1, 4.0.1, 4.0.0, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 0.4.20, 0.4.10, FortiTokeniOS 5.2.0, 4.3.0, 4.2.0, 4.1.1, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, FortiTokenWinApp 4.0.3, 3.0.1, 3.0.0 is affected by CVE-2021-22131

Exploit Probability

EPSS
0.05%
Percentile
16.14%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.