CVE-2022-23439

Summary

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the Host header points to an arbitrary webserver

Affected Software

VendorProductVersion RangeStatus
FortinetFortiTester7.2.0 <= 7.2.1affected
FortinetFortiTester7.1.0 <= 7.1.1affected
FortinetFortiTester7.0.0affected
FortinetFortiTester4.2.0 <= 4.2.1affected
FortinetFortiTester4.1.0 <= 4.1.1affected
FortinetFortiTester4.0.0affected
FortinetFortiTester3.9.0 <= 3.9.2affected
FortinetFortiTester3.8.0affected
FortinetFortiTester3.7.0 <= 3.7.1affected
FortinetFortiTester3.6.0affected
FortinetFortiTester3.5.0 <= 3.5.1affected
FortinetFortiTester3.4.0affected
FortinetFortiTester3.3.0 <= 3.3.1affected
FortinetFortiOS7.2.0affected
FortinetFortiOS7.0.0 <= 7.0.5affected
FortinetFortiOS6.4.0 <= 6.4.16affected
FortinetFortiOS6.2.0 <= 6.2.17affected
FortinetFortiOS6.0.0 <= 6.0.18affected
FortinetFortiOS6.4.0 < 6.4.*affected
FortinetFortiRecorder6.4.0 <= 6.4.2affected
FortinetFortiRecorder6.0.0 <= 6.0.10affected
FortinetFortiRecorder2.7.0 <= 2.7.7affected
FortinetFortiRecorder2.6.0 <= 2.6.3affected
FortinetFortiNDR7.2.0affected
FortinetFortiNDR7.1.0affected
FortinetFortiNDR7.0.0 <= 7.0.7affected
FortinetFortiNDR1.5.0 <= 1.5.3affected
FortinetFortiNDR1.4.0affected
FortinetFortiNDR1.3.0 <= 1.3.1affected
FortinetFortiNDR1.2.0affected
FortinetFortiNDR1.1.0affected
FortinetFortiADC7.0.0 <= 7.0.1affected
FortinetFortiADC6.2.0 <= 6.2.3affected
FortinetFortiADC6.1.0 <= 6.1.6affected
FortinetFortiADC6.0.0 <= 6.0.4affected
FortinetFortiADC5.4.0 <= 5.4.5affected
FortinetFortiADC5.3.0 <= 5.3.7affected
FortinetFortiADC5.2.0 <= 5.2.8affected
FortinetFortiADC5.1.0 <= 5.1.7affected
FortinetFortiADC5.0.0 <= 5.0.4affected
FortinetFortiManager7.4.0 <= 7.4.3affected
FortinetFortiManager7.2.0 <= 7.2.11affected
FortinetFortiManager7.0.0 <= 7.0.15affected
FortinetFortiManager6.4.0 <= 6.4.15affected
FortinetFortiManager6.2.0 <= 6.2.13affected
FortinetFortiVoice7.0.0 <= 7.0.1affected
FortinetFortiVoice6.4.0 <= 6.4.8affected
FortinetFortiVoice6.0.0 <= 6.0.11affected
FortinetFortiSOAR on-premise7.2.0 <= 7.2.2affected
FortinetFortiSOAR on-premise7.0.0 <= 7.0.3affected
FortinetFortiSOAR on-premise6.4.3 <= 6.4.4affected
FortinetFortiSOAR on-premise6.4.0 <= 6.4.1affected
FortinetFortiDDoS5.5.0 <= 5.5.1affected
FortinetFortiDDoS5.4.0 <= 5.4.3affected
FortinetFortiDDoS5.3.0 <= 5.3.2affected
FortinetFortiDDoS5.2.0affected
FortinetFortiDDoS5.1.0affected
FortinetFortiDDoS5.0.0affected
FortinetFortiDDoS4.7.0affected
FortinetFortiDDoS4.6.0affected
FortinetFortiDDoS4.5.0affected
FortinetFortiWLC8.6.0 <= 8.6.7affected
FortinetFortiWLC8.5.0 <= 8.5.5affected
FortinetFortiWLC8.4.4 <= 8.4.8affected
FortinetFortiWLC8.4.0 <= 8.4.2affected
FortinetFortiAnalyzer7.4.0 <= 7.4.2affected
FortinetFortiAnalyzer7.2.0 <= 7.2.11affected
FortinetFortiAnalyzer7.0.0 <= 7.0.15affected
FortinetFortiAnalyzer6.4.0 <= 6.4.15affected
FortinetFortiAnalyzer6.2.0 <= 6.2.13affected
FortinetFortiPortal6.0.0 <= 6.0.9affected
FortinetFortiAuthenticator6.4.0 <= 6.4.1affected
FortinetFortiAuthenticator6.3.0 <= 6.3.3affected
FortinetFortiAuthenticator6.2.0 <= 6.2.2affected
FortinetFortiAuthenticator6.1.0 <= 6.1.3affected
FortinetFortiAuthenticator6.0.0 <= 6.0.8affected
FortinetFortiAuthenticator5.5.0affected
FortinetFortiAuthenticator5.4.0 <= 5.4.1affected
FortinetFortiAuthenticator5.3.0 <= 5.3.1affected
FortinetFortiAuthenticator5.2.0 <= 5.2.2affected
FortinetFortiAuthenticator5.1.0 <= 5.1.2affected
FortinetFortiMail7.0.0 <= 7.0.3affected
FortinetFortiMail6.4.0 <= 6.4.8affected
FortinetFortiMail6.2.0 <= 6.2.9affected
FortinetFortiMail6.0.0 <= 6.0.12affected
FortinetFortiMail5.4.0 <= 5.4.12affected
FortinetFortiDDoS-F6.3.0 <= 6.3.3affected
FortinetFortiDDoS-F6.2.0 <= 6.2.3affected
FortinetFortiDDoS-F6.1.0 <= 6.1.5affected
FortinetFortiSwitch7.0.0 <= 7.0.4affected
FortinetFortiSwitch6.4.0 <= 6.4.10affected
FortinetFortiSwitch6.2.0 <= 6.2.8affected
FortinetFortiSwitch6.0.0 <= 6.0.7affected
FortinetFortiProxy7.0.0 <= 7.0.4affected
FortinetFortiProxy2.0.0 <= 2.0.14affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiProxy1.0.0 <= 1.0.7affected

Weaknesses

  • CWE-610: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References