CVE-2022-23439

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-494

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiadc::::::::
	cpe:2.3:a:fortinet:fortiauthenticator::::::::
	cpe:2.3:a:fortinet:fortiauthenticator::::::::
	cpe:2.3:a:fortinet:fortiddos::::::::
	cpe:2.3:a:fortinet:fortiddos-f::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortindr::::::::
	cpe:2.3:a:fortinet:fortindr:7.2.0:::::::*
	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortisoar::::::::
	cpe:2.3:a:fortinet:fortitester::::::::
	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortiwlc::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::

History

No history.

Information

Published : 2025-01-22 10:15

Updated : 2026-01-14 14:16

NVD link : CVE-2022-23439

Mitre link : CVE-2022-23439

CVE.ORG link : CVE-2022-23439

JSON object : View

Products Affected

fortinet

fortitester
fortiswitch
fortiadc
fortiauthenticator
fortirecorder
fortisoar
fortivoice
fortios
fortimail
fortiddos
fortindr
fortiddos-f
fortiproxy
fortiwlc

CWE

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

{"id": "CVE-2022-23439", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-01-22T10:15:07.737", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-494", "source": "psirt@fortinet.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-610"}]}], "descriptions": [{"lang": "en", "value": "A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver"}, {"lang": "es", "value": "Una referencia controlada externamente a un recurso en otra esfera en Fortinet FortiManager anterior a la versi\u00f3n 7.4.3, FortiMail anterior a la versi\u00f3n 7.0.3, FortiAnalyzer anterior a la versi\u00f3n 7.4.3, FortiVoice versi\u00f3n 7.0.0, 7.0.1 y anterior a 6.4.8, FortiProxy anterior a la versi\u00f3n 7.0.4, FortiRecorder versi\u00f3n 6.4.0 a 6.4.2 y anterior a 6.0.10, FortiAuthenticator versi\u00f3n 6.4.0 a 6.4.1 y anterior a 6.3.3, FortiNDR versi\u00f3n 7.2.0 anterior a 7.1.0, FortiWLC anterior a la versi\u00f3n 8.6.4, FortiPortal anterior a la versi\u00f3n 6.0.9, FortiOS versi\u00f3n 7.2.0 y anterior a 7.0.5, FortiADC versi\u00f3n 7.0.0 a 7.0.1 y anterior 6.2.3, FortiDDoS anterior a la versi\u00f3n 5.5.1, FortiDDoS-F anterior a la versi\u00f3n 6.3.3, FortiTester anterior a la versi\u00f3n 7.2.1, FortiSOAR anterior a la versi\u00f3n 7.2.2 y FortiSwitch anterior a la versi\u00f3n 6.3.3 permiten a los atacantes envenenar cach\u00e9s web a trav\u00e9s de solicitudes HTTP manipulado, donde el encabezado `Host` apunta a un servidor web arbitrario."}], "lastModified": "2026-01-14T14:16:06.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7685DE5-EEF4-4EFF-9EE0-1ABC59A46B91", "versionEndExcluding": "6.2.4", "versionStartIncluding": "5.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "959F9558-9C68-4046-AF5F-C543C9B5C3DE", "versionEndExcluding": "6.3.4", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4F857C3-0369-45CD-8745-FC6086A6B401", "versionEndExcluding": "6.4.2", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2587E4-5D24-4C81-AD13-B3205FA07D14", "versionEndExcluding": "5.5.2", "versionStartIncluding": "5.3.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "999EDF79-3052-4A4E-9B71-B0FEDEBFE33E", "versionEndExcluding": "6.3.4", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E3E1107-F78C-41B7-A8D4-E984EF551B1B", "versionEndExcluding": "7.0.4", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2798BBCF-0867-4C5B-9F28-6CD9846DAD7E", "versionEndExcluding": "7.1.1", "versionStartIncluding": "1.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06DD8B01-B4BC-432D-9045-40AD6DA84CB7"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4BF015A-6391-40D1-9FC4-C73110A2D52E", "versionEndExcluding": "7.0.5", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF9591AF-D4A5-44F6-8535-1D166646E118", "versionEndExcluding": "7.4.0", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A7151C5-DB42-4F91-B84C-CDA9CEF73A23", "versionEndExcluding": "6.0.11", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DDA9A48-7687-40A3-A14F-5EB89A20A386", "versionEndExcluding": "6.4.3", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B72000EC-F0D5-4100-B0DB-7405EDE32C76", "versionEndExcluding": "7.3.0", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8838FC8-770F-41ED-8F25-8E2953258677", "versionEndExcluding": "7.2.2", "versionStartIncluding": "3.7.0"}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C97B8181-C602-4E70-B3EA-CBE1FA62A220", "versionEndExcluding": "6.4.9", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C68A52C3-281D-4B4E-B0AA-0162D846BBB2", "versionEndExcluding": "8.6.7", "versionStartIncluding": "8.6.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C9C02B-E40F-4536-BC74-A7DA84E4B845", "versionEndExcluding": "7.0.6", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4562BDF7-D894-4CD8-95AC-9409FDEBE73F", "versionEndExcluding": "7.2.5", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF5E55C0-C600-4234-AA0C-21259AA6D97F", "versionEndExcluding": "7.0.5", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}