EUVD-2021-9287

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Improper certificate validation in Fortinet apps allows attackers to execute man-in-the-middle attacks

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-22131	18 Jul 202222:39	–	circl
CNNVD	Fortinet FortiToken Mobile 信任管理问题漏洞	8 Jun 202200:00	–	cnnvd
CVE	CVE-2021-22131	18 Jul 202216:35	–	cve
Cvelist	CVE-2021-22131	18 Jul 202216:35	–	cvelist
Fortinet	FortiTokenMobile - Missing digital certificate validation	7 Jun 202200:00	–	fortinet
NCSC	Vulnerability fixed in Fortinet products	8 Jun 202200:00	–	ncsc
NVD	CVE-2021-22131	18 Jul 202218:15	–	nvd
OSV	CVE-2021-22131	18 Jul 202218:15	–	osv
Prion	Input validation	18 Jul 202218:15	–	prion
RedhatCVE	CVE-2021-22131	9 Jan 202609:18	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "9811e42c-d8c8-3540-9097-d77d48add76f",
        "vendor": {
          "name": "Fortinet"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "83e9d77c-ad5d-3140-a684-df9b13adf39d",
        "product": {
          "name": "Fortinet FortiTokenAndroid, Fortinet FortiTokeniOS, Fortinet FortiTokenWinApp"
        },
        "product_version": "FortiTokenAndroid 5.0.3, 5.0.2, 4.5.0, 4.4.0, 4.3.0, 4.2.2, 4.2.1, 4.1.1, 4.0.1, 4.0.0, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 0.4.20, 0.4.10, FortiTokeniOS 5.2.0, 4.3.0, 4.2.0, 4.1.1, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1,  FortiTokenWinApp 4.0.3, 3.0.1, 3.0.0"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/advisory/FG-IR-21-024

03 Oct 2025 20:07Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.4 - 6.4

EPSS0.00052

SSVC