Vulnerabilities > Fidelissecurity

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-0486 Incorrect Default Permissions vulnerability in Fidelissecurity Deception and Network
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user.
local
low complexity
fidelissecurity CWE-276
7.2
2022-05-17 CVE-2022-0997 Incorrect Default Permissions vulnerability in Fidelissecurity Deception and Network
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user.
local
low complexity
fidelissecurity CWE-276
7.2
2022-05-17 CVE-2022-24388 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-24389 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-24390 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components.
network
low complexity
fidelissecurity CWE-77
6.5
2022-05-17 CVE-2022-24391 SQL Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access.
network
low complexity
fidelissecurity CWE-89
6.5
2022-05-17 CVE-2022-24392 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-24393 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-24394 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2021-06-25 CVE-2021-35047 OS Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components.
network
low complexity
fidelissecurity CWE-78
critical
9.0