MEDIUM 4.7 Published on 2025-01-22

CVE-2022-23439

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

CVSS v3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS 0.2% percentile 42.9%

Affected tracked apps

FortiCamera

com.fortinet.fortirecorder

1 open

FortiSOAR

com.fortinet.fortisoar.ios

1 open

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
fortinet	fortirecorder	iOS	≥6.0.0 <6.0.11	cpe:2.3:a:fortinet:fortirecorder::::::::
fortinet	fortirecorder	iOS	≥6.4.0 <6.4.3	cpe:2.3:a:fortinet:fortirecorder::::::::
fortinet	fortisoar	iOS	≥6.4.0 <7.3.0	cpe:2.3:a:fortinet:fortisoar::::::::

View on NVD ↗