CVE-2022-23439

CVSS 4.1 MEDIUMEPSS 0.4%CWE-610

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

Affected products

Fortinet · FortiADC Fortinet · FortiAnalyzer Fortinet · FortiAuthenticator Fortinet · FortiDDoS Fortinet · FortiDDoS-F Fortinet · FortiMail Fortinet · FortiManager Fortinet · FortiNDR Fortinet · FortiOS Fortinet · FortiPortal Fortinet · FortiProxy Fortinet · FortiRecorder Fortinet · FortiSOAR on-premise Fortinet · FortiSwitch Fortinet · FortiTester Fortinet · FortiVoice Fortinet · FortiWLC

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/psirt/FG-IR-23-494