CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-0486 – Privileged Command Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-0486
17 May 2022 — Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. Unos permisos de archivo inapropiados en los componentes CommandPost, Collector, Sen... • https://github.com/henryreed/CVE-2022-0486 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-0997 – Local Privilege Escalation Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-0997
17 May 2022 — Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. Unos permisos de archivo inapropiados en los componen... • https://github.com/henryreed/CVE-2022-0997 • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24388 – Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-24388
17 May 2022 — Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. Una vulnerabilidad en rconfig "date" permite a un atacante con acceso de nivel de usuario a la CLI inyectar com... • https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24389 – Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-24389
17 May 2022 — Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. Una vulnerabilidad en rconfig "cert_utils" permite a un atacante con acceso de nivel de usuario a la CLI ... • https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24390 – Authenticated Command Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-24390
17 May 2022 — Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. Una vulnerabilidad en rconfig "remote_text_file" permite a un atacante con acceso a nivel de usuari... • https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24391 – Authenticated SQL Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-24391
17 May 2022 — Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. Una vulnerabilidad en Fidelis Network y Deception CommandPost permite una inyección SQL mediante la interfaz web por parte de un atacante con acceso a nivel de usuario. La vulnerabilidad está presente en Fidelis Ne... • https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24392 – Authenticated Command Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-24392
17 May 2022 — Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability... • https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24393 – Authenticated Command Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-24393
17 May 2022 — Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulner... • https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24394 – Authenticated Command Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-24394
17 May 2022 — Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnera... • https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 1%CPEs: 4EXPL: 1CVE-2021-35049 – Command Injection Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2021-35049
25 Jun 2021 — Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. Una vulnerabilidad en Fidelis Network ... • https://support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-News-and-Policies • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •