Details of VAR-202402-1155

ID

VAR-202402-1155

CVE

CVE-2022-23439

TITLE

Multiple Fortinet products are vulnerable to externally controlled access to resources in other domains

Trust: 0.8

sources: JVNDB: JVNDB-2022-025638

DESCRIPTION

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver. FortiADC , FortiAuthenticator , FortiDDoS Several Fortinet products, including the above, contain vulnerabilities that allow externally controlled access to resources in other areas.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2022-23439 // JVNDB: JVNDB-2022-025638

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortindr	scope:	lt	version:	7.1.1	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.0.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.2.5	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	lt	version:	6.3.4	Trust: 1.0
vendor:	fortinet	model:	fortindr	scope:	gte	version:	1.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortisoar	scope:	lt	version:	7.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.0.5	Trust: 1.0
vendor:	fortinet	model:	fortiddos	scope:	lt	version:	5.5.2	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	lt	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiwlc	scope:	gte	version:	8.6.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	7.0.4	Trust: 1.0
vendor:	fortinet	model:	fortiddos-f	scope:	lt	version:	6.3.4	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiswitch	scope:	lt	version:	7.0.5	Trust: 1.0
vendor:	fortinet	model:	fortindr	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	gte	version:	3.7.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortisoar	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	lt	version:	6.2.4	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	fortinet	model:	fortiddos-f	scope:	gte	version:	6.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiddos	scope:	gte	version:	5.3.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	lt	version:	6.4.3	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiwlc	scope:	lt	version:	8.6.7	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lt	version:	6.4.9	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	lt	version:	6.0.11	Trust: 1.0
vendor:	フォーティネット	model:	fortisoar	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiwlc	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiadc	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiswitch	scope:	eq	version:	6.4.0 that's all 7.0.5	Trust: 0.8
vendor:	フォーティネット	model:	fortiauthenticator	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortindr	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiddos	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiddos-f	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortitester	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortirecorder	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2022-23439
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-23439
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-23439
value:	MEDIUM
Trust: 0.8

psirt@fortinet.com:	CVE-2022-23439
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	2.7
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-23439
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-23439
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439 // NVD: CVE-2022-23439

PROBLEMTYPE DATA

problemtype:	CWE-610	Trust: 1.0
problemtype:	Externally controllable reference to another region resource (CWE-610) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439

PATCH

title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-23439

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23439	Trust: 2.7
db:	JVNDB	id:	JVNDB-2022-025638	Trust: 0.8
db:	VULMON	id:	CVE-2022-23439	Trust: 0.1

sources: VULMON: CVE-2022-23439 // JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-23-494	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23439	Trust: 0.8
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULMON: CVE-2022-23439 // JVNDB: JVNDB-2022-025638 // NVD: CVE-2022-23439

SOURCES

db:	VULMON	id:	CVE-2022-23439
db:	JVNDB	id:	JVNDB-2022-025638
db:	NVD	id:	CVE-2022-23439

LAST UPDATE DATE

2026-01-14T23:53:04.638000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-025638	date:	2025-02-18T08:41:00
db:	NVD	id:	CVE-2022-23439	date:	2026-01-14T14:16:06.757

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-025638	date:	2025-02-18T00:00:00
db:	NVD	id:	CVE-2022-23439	date:	2025-01-22T10:15:07.737