13 matches found
CVE-2022-24391
CVE-2022-24391 affects Fidelis Network and Deception CommandPost. The web interface is vulnerable to SQL injection when accessed by a user with basic (user) privileges, potentially enabling malicious input to alter queries. Affected versions are Fidelis Network and Deception prior to 9.4.5. Patch...
CVE-2022-24393
The vulnerability CVE-2022-24393 affects Fidelis Network and Deception CommandPost. It allows authenticated command injection via the web interface by abusing the check_vertica_upgrade value for the cpIp parameter. An attacker with an authenticated session could craft an HTTP request to execute s...
CVE-2022-24390
The CVE concerns Fidelis Network and Deception products with a vulnerability in rconfig’s remote_text_file that, on versions prior to 9.4.5, allows an attacker with CLI user-level access to inject commands into Fidelis components (CommandPost, Collector, Sensor, Sandbox) and neighboring Fidelis c...
CVE-2022-24392
CVE-2022-24392 affects Fidelis Network and Deception CommandPost. The vulnerability allows authenticated command injection via the web interface when using feed_comm_test for the feed parameter; a crafted HTTP request could execute system commands on CommandPost and return results over HTTP withi...
CVE-2022-24389
CVE-2022-24389 describes an authenticated command-injection vulnerability in Fidelis Network and Deception components (CommandPost, Collector, Sensor, Sandbox) due to a flaw in rconfig cert_utils. An attacker with user-level CLI access can inject root-level commands, affecting versions prior to 9...
CVE-2022-0486
CVE-2022-0486 affects Fidelis Network and Deception components (CommandPost, Collector, Sensor, Sandbox) where improper file permissions allow a locally privileged attacker to modify affected files and escalate to root. Affected versions are Fidelis Network and Deception prior to 9.4.5; patches/u...
CVE-2022-24394
Summary of CVE-2022-24394 (Fidelis Network and Deception CommandPost): A command-injection vulnerability exists in Fidelis Network and Deception CommandPost via the update_checkfile value of the filename parameter. The issue permits an authenticated attacker to craft an HTTP request that executes system...
CVE-2022-24388
CVE-2022-24388 involves Fidelis Network and Fidelis Deception components (CommandPost, Collector, Sensor, Sandbox, and neighboring Fidelis components) with a vulnerability rooted in rconfig date handling. Versions prior to 9.4.5 are affected. An attacker who already has CLI user-level access can ...
CVE-2022-0997
CVE-2022-0997 affects Fidelis Network and Deception components (CommandPost, Collector, Sensor). The issue is improper file permissions that allow a locally authenticated admin user to modify affected script files, enabling arbitrary commands to execute as root upon a root user’s subsequent logi...
CVE-2021-35049
The CVE concerns Fidelis Network and Deception CommandPost where an authenticated user could trigger a command injection via the web interface. Affected products are Fidelis Network and Deception versions prior to 9.3.7 and version 9.4. The root cause is insecure handling of crafted HTTP reque...
CVE-2021-35048
CVE-2021-35048 affects Fidelis Network and Deception CommandPost, allowing unauthenticated SQL injection via the web interface. Affected: Fidelis Network and Deception versions prior to 9.3.7 and version 9.4. The flaw can lead to exposure of authentication tokens. Patches/updates exist to address...
CVE-2021-35050
CVE-2021-35050 affects Fidelis Network and Deception CommandPost. User credentials are stored in a recoverable format; if an attacker gains access to CommandPost, these values could be decoded to log in. Affected versions are Fidelis Network and Deception prior to 9.3.3; the issue is addressed in...
CVE-2021-35047
CVE-2021-35047 affects Fidelis Network and Deception, specifically the CommandPost, Collector, and Sensor components. The root cause is a privileged command injection vulnerability that allows an attacker with user-level CLI access to inject root-level commands into the component and neighboring ...