Vulnerability Description
An externally controlled reference to a resource in another sphere vulnerability in Fortinet products allows an attacker to poison web caches via crafted HTTP requests in which the `Host` header points to an arbitrary web server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiADC | >= 5.4.0, < 6.2.4 |
| Fortinet | FortiAuthenticator | >= 6.3.0, < 6.3.4 |
| Fortinet | FortiDDoS | >= 5.3.0, < 5.5.2 |
| Fortinet | FortiDDoS-F | >= 6.1.0, < 6.3.4 |
| Fortinet | FortiMail | >= 6.4.0, < 7.0.4 |
| Fortinet | FortiNDR | >= 1.4.0, < 7.1.1 |
| Fortinet | FortiProxy | >= 2.0.0, < 7.0.5 |
| Fortinet | FortiRecorder | >= 6.0.0, < 6.0.11 |
| Fortinet | FortiSOAR | >= 6.4.0, < 7.3.0 |
| Fortinet | FortiTester | >= 3.7.0, < 7.2.2 |
| Fortinet | FortiVoice | >= 6.0.0, < 6.4.9 |
| Fortinet | FortiWLC | >= 8.6.0, < 8.6.7 |
| Fortinet | FortiOS | >= 6.0.0, < 7.0.6 |
| Fortinet | FortiSwitch | >= 6.4.0, < 7.0.5 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2022-23439?
CVE-2022-23439 is a vulnerability with a CVSS score of 4.7 (MEDIUM). An externally controlled reference to a resource in another sphere vulnerability in Fortinet products allows an attacker to poison web caches via crafted HTTP requests in which the `Host` header points to an arbitr...
How severe is CVE-2022-23439?
CVE-2022-23439 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-23439?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet FortiADC, Fortinet FortiAuthenticator, Fortinet FortiDDoS, Fortinet FortiDDoS-F, Fortinet FortiMail.