exploitDog

GHSA-q9f5-mqv7-56mh

Опубликовано: 19 июл. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

Ссылки

EPSS

Процентиль: 17%

0.00052

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-295

Связанные уязвимости

CVE-2021-22131

CVSS3: 6.4

nvd

больше 3 лет назад

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

EPSS

Процентиль: 17%

0.00052

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-295