CVE Database · CVE-2021-22131
CVSS v3.1
6.4
EPSS
0.13%
Published
Jul 18, 2022
Modified
Nov 21, 2024
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:HWeaknesses (CWE)
Affected Products (30)
References (2)