2 matches found
CVE-2022-24388
CVE-2022-24388 involves Fidelis Network and Fidelis Deception components (CommandPost, Collector, Sensor, Sandbox, and neighboring Fidelis components) with a vulnerability rooted in rconfig date handling. Versions prior to 9.4.5 are affected. An attacker who already has CLI user-level access can ...
CVE-2022-24388 Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...