| IR Number | FG-IR-21-024 |
| Date | Jun 7, 2022 |
| Severity |
Medium |
| CVSSv3 Score | 6.1 |
| Impact | Improper server authentication |
| CVE ID | CVE-2021-22131 |
| Affected Products |
FortiTokenAndroid
:
5.0.3, 5.0.2, 4.5.0, 4.4.0, 4.3.0, 4.2.2, 4.2.1, 4.1.1, 4.0.1, 4.0.0, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 0.4.20, 0.4.10
FortiTokenIOS
:
5.2.0, 4.3.0, 4.2.0, 4.1.1, 4.1.0, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1
FortiTokenMobileWP
:
4.0.3, 3.0.1, 3.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiTokenMobile - Missing digital certificate validation
Summary
An improper validation of certificate with host mismatch vulnerability [CWE-297] in FortiTokenMobile may allow an unauthenticated user to spoof the validation server identity and achieve a Man-in-the-Middle attack.
Affected Products
FortiTokenAndroid 5.0 all versionsFortiTokenAndroid 4.5 all versions
FortiTokenAndroid 4.4 all versions
FortiTokenAndroid 4.3 all versions
FortiTokenAndroid 4.2 all versions
FortiTokenAndroid 4.1 all versions
FortiTokenAndroid 4.0 all versions
FortiTokenAndroid 3.0 all versions
FortiTokenAndroid 0.4 all versions
FortiTokenIOS 5.2 all versions
FortiTokenIOS 4.3 all versions
FortiTokenIOS 4.2 all versions
FortiTokenIOS 4.1 all versions
FortiTokenIOS 3.0 all versions
FortiTokenMobileWP 4.0 all versions
FortiTokenMobileWP 3.0 all versions
Solutions
Upgrade FortiTokenMobile for Android to version 5.1.0 or above
Upgrade FortiTokenMobile for iOS to version 5.3.0 or above
Upgrade FortiTokenMobile for Windows to version 4.1.0 or above