Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fidelissecurity deception vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-35048
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and ...
Fidelissecurity Deception
Fidelissecurity Deception 9.4
Fidelissecurity Network
Fidelissecurity Network 9.4
8.8
CVSSv3
CVE-2021-35047
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis N...
Fidelissecurity Deception
Fidelissecurity Deception 9.4
Fidelissecurity Network
Fidelissecurity Network 9.4
8.8
CVSSv3
CVE-2021-35049
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an ...
Fidelissecurity Network
Fidelissecurity Deception
Fidelissecurity Deception 9.4
Fidelissecurity Network 9.4
7.8
CVSSv3
CVE-2022-0997
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subseq...
Fidelissecurity Deception
Fidelissecurity Network
1 Github repository
8.8
CVSSv3
CVE-2022-24390
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vul...
Fidelissecurity Deception
Fidelissecurity Network
7.8
CVSSv3
CVE-2022-0486
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The ...
Fidelissecurity Deception
Fidelissecurity Network
1 Github repository
8.8
CVSSv3
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability i...
Fidelissecurity Deception
Fidelissecurity Network
8.8
CVSSv3
CVE-2022-24391
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions before 9.4.5. Patches and updates are available to address this...
Fidelissecurity Deception
Fidelissecurity Network
8.8
CVSSv3
CVE-2022-24394
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to ...
Fidelissecurity Deception
Fidelissecurity Network
7.5
CVSSv3
CVE-2021-35050
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and...
Fidelissecurity Deception
Fidelissecurity Network
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »