Fidelis Cybersecurity Fidelis Deception vulnerabilities
13 known vulnerabilities affecting fidelis_cybersecurity/fidelis_deception.
Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH12
Vulnerabilities
Page 1 of 1
CVE-2021-35048P2CRITICALCVSS 9.8vFidelis Deception 9.4≥ Fidelis Deception, < 9.3.72021-06-25
CVE-2021-35048 [CRITICAL] CWE-89 CVE-2021-35048: Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection thr
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and upda
nvd
CVE-2021-35049P2HIGHCVSS 8.8vFidelis Deception 9.4≥ Fidelis Deception, < 9.3.72021-06-25
CVE-2021-35049 [HIGH] CWE-89 CVE-2021-35049: Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection t
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and
nvd
CVE-2022-24394P3HIGHCVSS 8.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-24394 [HIGH] CWE-78 CVE-2022-24394: Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection t
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authentic
nvd
CVE-2022-24392P3HIGHCVSS 8.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-24392 [HIGH] CWE-78 CVE-2022-24392: Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection t
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated s
nvd
CVE-2022-24393P3HIGHCVSS 8.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-24393 [HIGH] CWE-78 CVE-2022-24393: Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection t
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenti
nvd
CVE-2021-35047P3HIGHCVSS 8.8vFidelis Deception 9.4≥ Fidelis Deception, < 9.3.72021-06-25
CVE-2021-35047 [HIGH] CWE-78 CVE-2021-35047: Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches an
nvd
CVE-2022-24388P3HIGHCVSS 8.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-24388 [HIGH] CWE-78 CVE-2022-24388: Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and update
nvd
CVE-2022-24389P3HIGHCVSS 8.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-24389 [HIGH] CWE-78 CVE-2022-24389: Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to injec
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and
nvd
CVE-2022-24391P3HIGHCVSS 8.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-24391 [HIGH] CWE-89 CVE-2022-24391: Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web int
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
nvd
CVE-2022-24390P3HIGHCVSS 8.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-24390 [HIGH] CWE-78 CVE-2022-24390: Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patche
nvd
CVE-2022-0997P3HIGHCVSS 7.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-0997 [HIGH] CWE-276 CVE-2022-0997: Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network an
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network
nvd
CVE-2021-35050P3HIGHCVSS 7.5≥ Fidelis Deception, < 9.3.32021-06-25
CVE-2021-35050 [HIGH] CWE-257 CVE-2021-35050: User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed
nvd
CVE-2022-0486P3HIGHCVSS 7.8≥ Fidelis Deception, < 9.4.52022-05-17
CVE-2022-0486 [HIGH] CWE-276 CVE-2022-0486: Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis N
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to
nvd