Description
An externally controlled reference to a resource in another sphere vulnerability in Fortinet products allows an attacker to poison web caches via crafted HTTP requests in which the `Host` header points to an arbitrary web server.
References (1)
Scores
CVSS v3: 4.7
EPSS: 0.0021
EPSS Percentile: 43.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-610
Status: published
Products (15)
fortinet/fortiadc: 5.4.0 - 6.2.4
fortinet/fortiauthenticator: 6.3.0 - 6.3.4
fortinet/fortiddos: 5.3.0 - 5.5.2
fortinet/fortiddos-f: 6.1.0 - 6.3.4
fortinet/fortimail: 6.4.0 - 7.0.4
fortinet/fortindr: 7.2.0
fortinet/fortindr: 1.4.0 - 7.1.1
fortinet/fortios: 6.0.0 - 7.0.6
fortinet/fortiproxy: 2.0.0 - 7.0.5
fortinet/fortirecorder: 6.0.0 - 6.0.11
... and 5 more
Published: Jan 22, 2025
Tracked Since: Feb 18, 2026