Skip to main content

Deception

13 CVEs product

Monthly

CVE-2022-24394 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24393 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24392 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24391 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Deception Network
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-24390 HIGH This Week

Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-24389 HIGH This Week

Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-24388 HIGH This Week

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-0997 HIGH This Week

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-0486 HIGH This Week

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-35050 HIGH POC This Week

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deception Network
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-35049 HIGH POC This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2021-35048 CRITICAL POC Act Now

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Deception Network
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-35047 HIGH POC This Week

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.6%
EPSS 2% CVSS 8.8
HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Deception Network
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deception Network
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Deception +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Deception Network
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Deception Network
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy