What is CVE-2022-23439?

CVE-2022-23439 is a medium-severity vulnerability in Fortinet Fortiadc, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 4.1/10. Published 2025-01-22.

How severe is CVE-2022-23439?

Medium severity. CVSS v3 base score is 4.1 out of 10.

Vulnerability in Fortinet Fortiadc

CVE-2022-23439

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

EPSS: 0.002 (43.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.1 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C.

Affected products

Fortinet Fortiadc — versions 7.0.0, 6.2.0, 6.1.0
Fortinet Fortianalyzer — versions 7.4.0, 7.2.0, 7.0.0
Fortinet Fortiauthenticator — versions 6.4.0, 6.3.0, 6.2.0
Fortinet Fortiddos — versions 5.5.0, 5.4.0, 5.3.0
Fortinet Fortiddos-f — versions 6.3.0, 6.2.0, 6.1.0
Fortinet Fortimail — versions 7.0.0, 6.4.0, 6.2.0
Fortinet Fortimanager — versions 7.4.0, 7.2.0, 7.0.0
Fortinet Fortindr — versions 7.2.0, 7.1.0, 7.0.0
Fortinet Fortios — versions 7.2.0, 7.0.0, 6.4.0
Fortinet Fortiportal — versions 6.0.0

Weakness classification (CWE)

CWE-610 — Externally Controlled Reference to a Resource in Another Sphere

References

https://fortiguard.com/psirt/FG-IR-23-494

Frequently asked questions

What is CVE-2022-23439?: CVE-2022-23439 is a medium-severity vulnerability in Fortinet Fortiadc, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 4.1/10. Published 2025-01-22.
How severe is CVE-2022-23439?: Medium severity. CVSS v3 base score is 4.1 out of 10.