CVE-2021-44166
published 2022-03-02
medium 4.1 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
An improper access control vulnerability [CWE-284] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet_fortitokenandroid | — | — |
| fortinet | fortitoken | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitoken_mobile | — | — |
| fortinet | fortitokenmobile | — | — |