CVE-2022-23439
MEDIUM EPSS 35.3%
Published Jan 22, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
6.1 CVSS 3.1
Description
An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary web server.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
35.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-610
Affected Products 19
| Vendor | Product | Version | Range |
|---|---|---|---|
| fortinet | fortiadc | * | ≥5.4.0 – <6.2.4 |
| fortinet | fortiauthenticator | * | ≥6.3.0 – <6.3.4 |
| fortinet | fortiauthenticator | * | ≥6.4.0 – <6.4.2 |
| fortinet | fortiddos | * | ≥5.3.0 – <5.5.2 |
| fortinet | fortiddos-f | * | ≥6.1.0 – <6.3.4 |
| fortinet | fortimail | * | ≥6.4.0 – <7.0.4 |
| fortinet | fortindr | * | ≥1.4.0 – <7.1.1 |
| fortinet | fortindr | 7.2.0 | any |
| fortinet | fortiproxy | * | ≥2.0.0 – <7.0.5 |
| fortinet | fortiproxy | * | ≥7.2.0 – <7.4.0 |
| fortinet | fortirecorder | * | ≥6.0.0 – <6.0.11 |
| fortinet | fortirecorder | * | ≥6.4.0 – <6.4.3 |
| fortinet | fortisoar | * | ≥6.4.0 – <7.3.0 |
| fortinet | fortitester | * | ≥3.7.0 – <7.2.2 |
| fortinet | fortivoice | * | ≥6.0.0 – <6.4.9 |
| fortinet | fortiwlc | * | ≥8.6.0 – <8.6.7 |
| fortinet | fortios | * | ≥6.0.0 – <7.0.6 |
| fortinet | fortios | * | ≥7.2.0 – <7.2.5 |
| fortinet | fortiswitch | * | ≥6.4.0 – <7.0.5 |
References 1
- fortiguard.com https://fortiguard.com/psirt/FG-IR-23-494
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.