PT-2025-1361 · Fortinet · Fortiwlc+16

Published 2025-01-14 · Updated 2025-02-12 · CVE-2022-23439

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

FortiManager versions prior to 7.4.3
FortiMail versions prior to 7.0.3
FortiAnalyzer versions prior to 7.4.3
FortiVoice versions 7.0.0, 7.0.1 and prior to 6.4.8
FortiProxy versions prior to 7.0.4
FortiRecorder versions 6.4.0 through 6.4.2 and prior to 6.0.10
FortiAuthenticator versions 6.4.0 through 6.4.1 and prior to 6.3.3
FortiNDR version 7.2.0 and prior to 7.1.0
FortiWLC versions prior to 8.6.4
FortiPortal versions prior to 6.0.9
FortiOS versions 7.2.0 and prior to 7.0.5
FortiADC versions 7.0.0 through 7.0.1 and prior to 6.2.3
FortiDDoS versions prior to 5.5.1
FortiDDoS-F versions prior to 6.3.3
FortiTester versions prior to 7.2.1
FortiSOAR versions prior to 7.2.2
FortiSwitch versions prior to 6.3.3

Description

An unauthenticated attacker can poison web caches via crafted HTTP requests in which the Host header points to an arbitrary, attacker-controlled web server. The affected web interfaces use the client-supplied Host value when building absolute URLs (for example in redirects or links), so a shared cache that stores such a response serves the attacker's host to other users. The weakness is an externally controlled reference to a resource in another sphere (CWE-610). Exploitation requires user interaction (UI:R), and the impact crosses a trust boundary (S:C) into the cache and its other clients.

Recommendations

Update FortiManager to version 7.4.3 or later
Update FortiMail to version 7.0.3 or later
Update FortiAnalyzer to version 7.4.3 or later
Update FortiVoice to version 6.4.8 or later, and avoid using versions 7.0.0 and 7.0.1
Update FortiProxy to version 7.0.4 or later
Update FortiRecorder to version 6.0.10 or later, and avoid using versions 6.4.0 through 6.4.2
Update FortiAuthenticator to version 6.3.3 or later, and avoid using versions 6.4.0 through 6.4.1
Update FortiNDR to version 7.1.0 or later, and avoid using version 7.2.0
Update FortiWLC to version 8.6.4 or later
Update FortiPortal to version 6.0.9 or later
Update FortiOS to version 7.0.5 or later, and avoid using version 7.2.0
Update FortiADC to version 6.2.3 or later, and avoid using versions 7.0.0 through 7.0.1
Update FortiDDoS to version 5.5.1 or later
Update FortiDDoS-F to version 6.3.3 or later
Update FortiTester to version 7.2.1 or later
Update FortiSOAR to version 7.2.2 or later
Update FortiSwitch to version 6.3.3 or later

As a temporary workaround until the update can be applied, reject or rewrite requests whose Host header does not match one of the device's own configured hostnames or addresses (for example at a reverse proxy or WAF in front of the management interface), and make sure responses to such requests are not cacheable.
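The pattern described above (an absolute URL built from the client's Host header, which a shared cache then stores) next to the allow-list check that the workaround amounts to, plus a small check for whether a captured response reflects an injected host. This is an added Python example; it is not Fortinet code and does not reproduce any FortiOS component. The hostnames fw.example.internal and 10.0.0.1, the path /login and the attacker host attacker.example are constructed for illustration, as are the two sample requests.

```python
# Added example (not Fortinet's code): Host-header-driven URL construction,
# vulnerable vs. hardened, and a reflection check for captured responses.

# Assumption: the names under which this device is legitimately reached.
ALLOWED_HOSTS = {"fw.example.internal", "10.0.0.1"}
CANONICAL_HOST = "fw.example.internal"

# Constructed sample traffic (not a captured exploit): same path, two Host values.
GOOD_REQUEST = b"GET /login HTTP/1.1\r\nHost: fw.example.internal\r\nUser-Agent: probe\r\n\r\n"
EVIL_REQUEST = b"GET /login HTTP/1.1\r\nHost: attacker.example\r\nUser-Agent: probe\r\n\r\n"


def parse_request(raw: bytes) -> dict:
    """Minimal HTTP/1.1 request parser: request line plus headers (names lowercased)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def host_only(host_header: str) -> str:
    """Normalise a Host value: lowercase, drop :port, keep bracketed IPv6 literals intact."""
    h = host_header.strip().lower()
    if h.startswith("[") and "]" in h:
        return h[: h.index("]") + 1]
    return h.split(":", 1)[0]


def redirect_location_vulnerable(req: dict) -> str:
    """Vulnerable pattern: whatever the client sent as Host lands in the Location URL."""
    return f"https://{req['headers'].get('host', '')}{req['target']}/"


def redirect_location_hardened(req: dict):
    """Hardened: Host must be one of our own names, and the canonical name is emitted.
    Returns None when the request should be answered with 400 (and Cache-Control: no-store)."""
    host = req["headers"].get("host")
    if host is None or host_only(host) not in ALLOWED_HOSTS:
        return None
    return f"https://{CANONICAL_HOST}{req['target']}/"


def build_response(location: str) -> bytes:
    """A cacheable 301, the kind of response an intermediary would happily store."""
    return (f"HTTP/1.1 301 Moved Permanently\r\nLocation: {location}\r\n"
            f"Cache-Control: public, max-age=600\r\nContent-Length: 0\r\n\r\n").encode()


def reflects_injected_host(response: bytes, injected_host: str) -> list:
    """Detection check: which response headers (or the body) echo the injected host."""
    head, _, body = response.partition(b"\r\n\r\n")
    needle = injected_host.lower().encode()
    hits = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        if needle in line.lower():
            hits.append(line.split(b":", 1)[0].decode("latin-1"))
    if needle in body.lower():
        hits.append("body")
    return hits


if __name__ == "__main__":
    evil = parse_request(EVIL_REQUEST)
    vulnerable = redirect_location_vulnerable(evil)
    print("vulnerable Location:", vulnerable)
    print("hardened Location  :", redirect_location_hardened(evil))
    print("reflected in       :", reflects_injected_host(build_response(vulnerable), "attacker.example"))
```

To test a real deployment, send the probe request with a Host value you control to a path that redirects, capture the response, and run reflects_injected_host over it; a non-empty result together with a cacheable Cache-Control header is the condition the advisory describes. The hardened handler refuses the request rather than silently substituting the canonical host so that the rejected response never carries cache-friendly headers.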

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-02656
CVE-2022-23439

Affected Products

Fortiadc
Fortianalyzer
Fortiauthenticator
Fortiddos
Fortiddos-F
Fortimail
Fortimanager
Fortindr
Fortios
Fortiportal
Fortiproxy
Fortirecorder
Fortisoar
Fortiswitch
Fortitester
Fortivoice
Fortiwlc