CVE-2022-0486 Privileged Command Injection Vulnerability in Fidelis Network and Deception

🗓️ 17 May 2022 19:32:58Reported by FidelisType

Privileged Command Injection Vulnerability in Fidelis Network and Deception due to Improper File Permission

Reporter	Title	Published	Views	Family All 8
GithubExploit	Exploit for Incorrect Default Permissions in Fidelissecurity Deception	3 Jun 202205:06	–	githubexploit
ATTACKERKB	CVE-2022-0486	16 May 202215:30	–	attackerkb
CNNVD	Fidelis Network Deception 安全漏洞	17 May 202200:00	–	cnnvd
CNVD	Fidelis Network Deception has an unspecified vulnerability (CNVD-2022-59167)	19 May 202200:00	–	cnvd
CVE	CVE-2022-0486	17 May 202219:32	–	cve
EUVD	EUVD-2022-15623	3 Oct 202520:07	–	euvd
NVD	CVE-2022-0486	17 May 202220:15	–	nvd
Prion	Input validation	17 May 202220:15	–	prion

[
  {
    "platforms": [
      "CentOS"
    ],
    "product": "Fidelis Network",
    "vendor": "Fidelis Cybersecurity",
    "versions": [
      {
        "lessThan": "9.4.5",
        "status": "affected",
        "version": "Fidelis Network",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "CentOS"
    ],
    "product": "Fidelis Deception",
    "vendor": "Fidelis Cybersecurity",
    "versions": [
      {
        "lessThan": "9.4.5",
        "status": "affected",
        "version": "Fidelis Deception",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
fidelissecurity	www.fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411

17 May 2022 19:32Current

8High risk

Vulners AI Score8

CVSS 3.14.4

EPSS0.00242

CWE-276