CVE-2022-23439 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.7 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
fortinet	CNA	4.1 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortiadc	5.4.0 ≤ 𝑥 < 6.2.4
fortinet	fortiauthenticator	6.3.0 ≤ 𝑥 < 6.3.4
fortinet	fortiauthenticator	6.4.0 ≤ 𝑥 < 6.4.2
fortinet	fortiddos	5.3.0 ≤ 𝑥 < 5.5.2
fortinet	fortiddos-f	6.1.0 ≤ 𝑥 < 6.3.4
fortinet	fortimail	6.4.0 ≤ 𝑥 < 7.0.4
fortinet	fortindr	1.4.0 ≤ 𝑥 < 7.1.1
fortinet	fortindr	7.2.0
fortinet	fortiproxy	2.0.0 ≤ 𝑥 < 7.0.5
fortinet	fortiproxy	7.2.0 ≤ 𝑥 < 7.4.0
fortinet	fortirecorder	6.0.0 ≤ 𝑥 < 6.0.11
fortinet	fortirecorder	6.4.0 ≤ 𝑥 < 6.4.3
fortinet	fortisoar	6.4.0 ≤ 𝑥 < 7.3.0
fortinet	fortitester	3.7.0 ≤ 𝑥 < 7.2.2
fortinet	fortivoice	6.0.0 ≤ 𝑥 < 6.4.9
fortinet	fortiwlc	8.6.0 ≤ 𝑥 < 8.6.7
fortinet	fortios	6.0.0 ≤ 𝑥 < 7.0.6
fortinet	fortios	7.2.0 ≤ 𝑥 < 7.2.5
fortinet	fortiswitch	6.4.0 ≤ 𝑥 < 7.0.5

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References

https://fortiguard.com/psirt/FG-IR-23-494