CVEFinder.io

CVE-2022-23439

🔶 medium
🔍 Scan for this CVE
Summary

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

CVSS Score
4.7
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2025-01-22
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 13.8% of all 326,604 vulnerabilities in our database.

#281,479
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jan 22, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-01-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-610

📦 Affected Products 19

Vendor Product Status Affected Versions
fortinet fortios Affected
≥ 6.0.0 < 7.0.6
fortinet fortios Affected
≥ 7.2.0 < 7.2.5
fortinet fortiauthenticator Affected
≥ 6.3.0 < 6.3.4
fortinet fortiauthenticator Affected
≥ 6.4.0 < 6.4.2
fortinet fortimail Affected
≥ 6.4.0 < 7.0.4
fortinet fortiwlc Affected
≥ 8.6.0 < 8.6.7
fortinet fortiswitch Affected
≥ 6.4.0 < 7.0.5
fortinet fortiadc Affected
≥ 5.4.0 < 6.2.4
fortinet fortivoice Affected
≥ 6.0.0 < 6.4.9
fortinet fortitester Affected
≥ 3.7.0 < 7.2.2
fortinet fortiproxy Affected
≥ 2.0.0 < 7.0.5
fortinet fortiproxy Affected
≥ 7.2.0 < 7.4.0
fortinet fortisoar Affected
≥ 6.4.0 < 7.3.0
fortinet fortiddos Affected
≥ 5.3.0 < 5.5.2
fortinet fortiddos-f Affected
≥ 6.1.0 < 6.3.4
fortinet fortindr Affected
≥ 1.4.0 < 7.1.1
fortinet fortindr Affected
v7.2.0
fortinet fortirecorder Affected
≥ 6.0.0 < 6.0.11
fortinet fortirecorder Affected
≥ 6.4.0 < 6.4.3

🔗 References 1

https://fortiguard.com/psirt/FG-IR-23-494

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-53844 ⚠️ high 8.8 0.0 A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 ... 2026-05-12
CVE-2026-44277 ⛔ critical 9.8 0.1 A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticat... 2026-05-12
CVE-2025-53681 ⚠️ high 7.2 0.0 An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerab... 2026-05-12
CVE-2026-25088 🔶 medium 5.4 0.0 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiN... 2026-05-12
CVE-2025-53847 🔶 medium 6.5 0.0 A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 thro... 2026-04-14
CVE-2024-23104 🔶 medium 5.4 0.0 An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 t... 2026-04-14
These CVEs affect the same products