4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
10.3%
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
[
{
"platforms": [
"CentOS"
],
"product": "Fidelis Network",
"vendor": "Fidelis Cybersecurity",
"versions": [
{
"lessThan": "9.4.5",
"status": "affected",
"version": "Fidelis Network",
"versionType": "custom"
}
]
},
{
"platforms": [
"CentOS"
],
"product": "Fidelis Deception",
"vendor": "Fidelis Cybersecurity",
"versions": [
{
"lessThan": "9.4.5",
"status": "affected",
"version": "Fidelis Deception",
"versionType": "custom"
}
]
}
]