Details of VAR-202402-1155

ID

VAR-202402-1155

CVE

CVE-2022-23439

TITLE

Multiple Fortinet products are vulnerable to externally controlled access to resources in other domains

Trust: 0.8

sources: JVNDB: JVNDB-2022-025638

DESCRIPTION

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver. FortiADC , FortiAuthenticator , FortiDDoS Several Fortinet products, including the above, contain vulnerabilities that allow externally controlled access to resources in other areas.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2022-23439 // JVNDB: JVNDB-2022-025638

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiddos-f	scope:	gte	version:	6.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiwlc	scope:	gte	version:	8.6.0	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lt	version:	7.0.5	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	7.0.4	Trust: 1.0
vendor:	fortinet	model:	fortisoar	scope:	lt	version:	7.3.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	lt	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortindr	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiddos-f	scope:	lt	version:	6.3.4	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	lt	version:	6.0.11	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	lt	version:	6.3.4	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	fortinet	model:	fortindr	scope:	lt	version:	7.1.1	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lt	version:	6.4.9	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.2.5	Trust: 1.0
vendor:	fortinet	model:	fortindr	scope:	gte	version:	1.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	lt	version:	6.2.4	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	lt	version:	6.4.3	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.0.5	Trust: 1.0
vendor:	fortinet	model:	fortiwlc	scope:	lt	version:	8.6.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.0.6	Trust: 1.0
vendor:	fortinet	model:	fortisoar	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	gte	version:	3.7.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiddos	scope:	gte	version:	5.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiddos	scope:	lt	version:	5.5.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortisoar	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiwlc	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiadc	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiswitch	scope:	eq	version:	6.4.0 that's all 7.0.5	Trust: 0.8
vendor:	フォーティネット	model:	fortiauthenticator	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortindr	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiddos	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiddos-f	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortitester	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortirecorder	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2022-23439
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-23439
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-23439
value:	MEDIUM
Trust: 0.8

psirt@fortinet.com:	CVE-2022-23439
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	2.7
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-23439
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-23439
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439 // NVD: CVE-2022-23439

PROBLEMTYPE DATA

problemtype:	CWE-610	Trust: 1.0
problemtype:	Externally controllable reference to another region resource (CWE-610) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439

PATCH

title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-23439

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23439	Trust: 2.7
db:	JVNDB	id:	JVNDB-2022-025638	Trust: 0.8
db:	VULMON	id:	CVE-2022-23439	Trust: 0.1

sources: VULMON: CVE-2022-23439 // JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-254	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23439	Trust: 0.8
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULMON: CVE-2022-23439 // JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439

SOURCES

db:	VULMON	id:	CVE-2022-23439
db:	JVNDB	id:	JVNDB-2022-025638
db:	NVD	id:	CVE-2022-23439

LAST UPDATE DATE

2025-02-22T23:38:28.822000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-025638	date:	2025-02-18T08:41:00
db:	NVD	id:	CVE-2022-23439	date:	2025-02-12T13:39:42.107

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-025638	date:	2025-02-18T00:00:00
db:	NVD	id:	CVE-2022-23439	date:	2025-01-22T10:15:07.737