Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fidelissecurity deception vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-35047
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis N...
Fidelissecurity Network
Fidelissecurity Deception
Fidelissecurity Deception 9.4
Fidelissecurity Network 9.4
7.5
CVSSv2
CVE-2021-35048
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and ...
Fidelissecurity Network
Fidelissecurity Deception
Fidelissecurity Deception 9.4
Fidelissecurity Network 9.4
6.5
CVSSv2
CVE-2021-35049
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an ...
Fidelissecurity Network
Fidelissecurity Deception
Fidelissecurity Deception 9.4
Fidelissecurity Network 9.4
9
CVSSv2
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability i...
Fidelissecurity Deception
Fidelissecurity Network
6.5
CVSSv2
CVE-2022-24390
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vul...
Fidelissecurity Deception
Fidelissecurity Network
9
CVSSv2
CVE-2022-24393
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to...
Fidelissecurity Deception
Fidelissecurity Network
7.2
CVSSv2
CVE-2022-0997
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subseq...
Fidelissecurity Deception
Fidelissecurity Network
1 Github repository
6.5
CVSSv2
CVE-2022-24391
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions before 9.4.5. Patches and updates are available to address this...
Fidelissecurity Deception
Fidelissecurity Network
5
CVSSv2
CVE-2021-35050
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and...
Fidelissecurity Deception
Fidelissecurity Network
9
CVSSv2
CVE-2022-24389
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerabi...
Fidelissecurity Deception
Fidelissecurity Network
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »