6.1

CVE-2022-23439

An externally controlled reference to a resource in another sphere vulnerability in Fortinet products allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver.
Data provided by the National Vulnerability Database (NVD)
Fortinet Fortiadc Version >= 5.4.0 < 6.2.4
Fortinet Fortiauthenticator Version >= 6.3.0 < 6.3.4
Fortinet Fortiauthenticator Version >= 6.4.0 < 6.4.2
Fortinet Fortiddos Version >= 5.3.0 < 5.5.2
Fortinet Fortiddos-f Version >= 6.1.0 < 6.3.4
Fortinet Fortimail Version >= 6.4.0 < 7.0.4
Fortinet FortiNDR Version >= 1.4.0 < 7.1.1
Fortinet FortiNDR Version 7.2.0
Fortinet FortiProxy Version >= 2.0.0 < 7.0.5
Fortinet FortiProxy Version >= 7.2.0 < 7.4.0
Fortinet Fortirecorder Version >= 6.0.0 < 6.0.11
Fortinet Fortirecorder Version >= 6.4.0 < 6.4.3
Fortinet Fortisoar Version >= 6.4.0 < 7.3.0
Fortinet Fortitester Version >= 3.7.0 < 7.2.2
Fortinet Fortivoice Version >= 6.0.0 < 6.4.9
Fortinet Fortiwlc Version >= 8.6.0 < 8.6.7
Fortinet FortiOS Version >= 6.0.0 < 7.0.6
Fortinet FortiOS Version >= 7.2.0 < 7.2.5
Fortinet Fortiswitch Version >= 6.4.0 < 7.0.5
No CISA KEV or CERT.AT warning was found for this CVE.
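EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.13% | 0.336 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| psirt@fortinet.com | 4.7 | 1.6 | 2.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
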
CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.