Fidelis Network Deception is a security product from Fidelis USA, Inc. A command injection vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from the filename parameter of CommandPost when using the update_checkfile value. Command injection exists, and an attacker can use this vulnerability to execute system commands via special HTTP requests.
CPE | Name | Operator | Version |
---|---|---|---|
fidelis fidelis network deception | lt | 9.4.5 |