CVE-2022-23439
Essential information
- Published
- 22/01/2025 10:15
- Modified
- 12/02/2025 13:39
- Author
- —
- Creator
- —
- CVSS
- 4.7 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- HIGH
- Privileges required
- NONE
- User interaction
- REQUIRED
- Scope
- CHANGED
- Confidentiality impact
- LOW
- Integrity impact
- LOW
- Availability impact
- NONE
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| fortinet / fortiadc | cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:* |
| fortinet / fortiauthenticator | cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:* |
| fortinet / fortiauthenticator | cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:* |
| fortinet / fortiddos | cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:* |
| fortinet / fortiddos-f | cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:* |
| fortinet / fortimail | cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* |
| fortinet / fortindr | cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:* |
| fortinet / fortindr | cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* |
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* |
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* |
| fortinet / fortirecorder | cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:* |
| fortinet / fortirecorder | cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:* |
| fortinet / fortisoar | cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:* |
| fortinet / fortitester | cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:* |
| fortinet / fortivoice | cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:* |
| fortinet / fortiwlc | cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:* |
| fortinet / fortios | cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
| fortinet / fortios | cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
| fortinet / fortiswitch | cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:* |