CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2022/05/17 7:26 p.m.•92 views

CVE-2022-24391

CVE-2022-24391 affects Fidelis Network and Deception CommandPost. The web interface is vulnerable to SQL injection when accessed by a user with basic (user) privileges, potentially enabling malicious input to alter queries. Affected versions are Fidelis Network and Deception prior to 9.4.5. Patch...

8.8CVSS9AI score0.00365EPSS

CVE•added 2022/05/17 7:26 p.m.•83 views

CVE-2022-24392

CVE-2022-24392 affects Fidelis Network and Deception CommandPost. The vulnerability allows authenticated command injection via the web interface when using feed_comm_test for the feed parameter; a crafted HTTP request could execute system commands on CommandPost and return results over HTTP withi...

9CVSS9.1AI score0.00616EPSS

Cvelist•added 2022/05/17 7:26 p.m.•14 views

CVE-2022-24392 Authenticated Command Injection Vulnerability in Fidelis Network and Deception

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feedcommtest” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and...

8.8CVSS9.2AI score0.00616EPSS

Cvelist•added 2022/05/17 7:24 p.m.•13 views

CVE-2022-24393 Authenticated Command Injection Vulnerability in Fidelis Network and Deception

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “checkverticaupgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...

8.8CVSS9.2AI score0.00616EPSS

CVE•added 2022/05/17 7:24 p.m.•86 views

CVE-2022-24393

The vulnerability CVE-2022-24393 affects Fidelis Network and Deception CommandPost. It allows authenticated command injection via the web interface by abusing the check_vertica_upgrade value for the cpIp parameter. An attacker with an authenticated session could craft an HTTP request to execute s...

9CVSS9.1AI score0.00616EPSS

Cvelist•added 2022/05/17 7:22 p.m.•16 views

CVE-2022-24394 Authenticated Command Injection Vulnerability in Fidelis Network and Deception

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...

8.8CVSS9.2AI score0.00616EPSS

CVE•added 2022/05/17 7:22 p.m.•76 views

CVE-2022-24394

Summary of CVE-2022-24394 (Fidelis Network/Deception CommandPost) : A command-injection vulnerability exists in Fidelis Network Deception CommandPost via the update_checkfile value of the filename parameter. The issue permits an authenticated attacker to craft an HTTP request that executes system...

9CVSS9.1AI score0.00616EPSS

CNNVD•added 2022/05/17 12:0 a.m.•1 views

Fidelis Network Deception 命令注入漏洞

Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A command injection vulnerability exists in...

9CVSS5.9AI score0.00616EPSS

CNNVD•added 2022/05/17 12:0 a.m.•1 views

Fidelis Network Deception 命令注入漏洞

Fidelis Network Deception is a security product from Fidelis USA, Inc. A command injection vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from the filename parameter of CommandPost when using the updatecheckfile value. Command injection exists, and an...

9CVSS5.9AI score0.00616EPSS

ATTACKERKB•added 2022/05/16 3:30 p.m.•3 views

CVE-2022-24392

9CVSS7.4AI score0.00616EPSS

ATTACKERKB•added 2022/05/16 3:30 p.m.•2 views

CVE-2022-24394

9CVSS7.4AI score0.00616EPSS

ATTACKERKB•added 2022/05/16 3:30 p.m.•2 views

CVE-2022-24391

8.8CVSS7.4AI score0.00365EPSS

ATTACKERKB•added 2022/05/16 3:30 p.m.•5 views

CVE-2022-0997

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a...

7.8CVSS7.4AI score0.00531EPSS

Exploits1References2

ATTACKERKB•added 2022/05/16 3:30 p.m.•3 views

CVE-2022-24393

9CVSS7.4AI score0.00616EPSS

CNVD•added 2021/06/29 12:0 a.m.•6 views

Unspecified Vulnerability in Fidelis Network

7.5CVSS6.8AI score0.00307EPSS

Exploits1References1

OSV•added 2021/06/25 12:15 p.m.•0 views

CVE-2021-35050

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versio...

7.5CVSS5.7AI score

OSV•added 2021/06/25 12:15 p.m.•2 views

CVE-2021-35048

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception version...

9.8CVSS7.3AI score

OSV•added 2021/06/25 12:15 p.m.•2 views

CVE-2021-35049

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated...

8.8CVSS5.9AI score