China National Vulnerability DatabaseCNVD-2022-59173Fidelis Network Deception命令注入漏洞
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
Fidelis Network Deception is a security product from Fidelis USA. used to detect threats and prevent data loss, with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats.A command injection vulnerability exists in versions prior to Fidelis Network and Deception 9.4.5, which stems from the presence of the feed parameter of CommandPost when using the feed_comm_test value Command injection, an attacker can use this vulnerability to execute system commands via special HTTP requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fidelis fidelis network and deception | lt | 9.4.5 |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C