Command injection

2021-06-2512:15:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.4%

JSON

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.

CPENameOperatorVersion
deceptionlt9.3.7
deceptioneq9.4
networklt9.3.7
networkeq9.4

Name	Operator	Version
deception	lt	9.3.7
deception	eq	9.4
network	lt	9.3.7
network	eq	9.4

References

support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-News-and-Policies

www.securifera.com/blog/2021/06/24/operation-eagle-eye/