Fidelissecurity Deception — known CVE vulnerabilities
Every CVE whose affected-product data names Fidelissecurity Deception, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2021-35047 — CVSS 9.9 (critical): Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level…
CVE-2021-35049 — CVSS 9.9 (critical): Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The…
CVE-2021-35048 — CVSS 9.8 (critical): Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The…
CVE-2022-24394 — CVSS 8.8 (high): Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the…
CVE-2022-24391 — CVSS 8.8 (high): Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level…
CVE-2022-24392 — CVSS 8.8 (high): Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the…
CVE-2022-24393 — CVSS 8.8 (high): Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the…
CVE-2022-24388 — CVSS 8.8 (high): Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis…
CVE-2022-24389 — CVSS 8.8 (high): Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis…
CVE-2022-24390 — CVSS 8.8 (high): Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into…
CVE-2021-35050 — CVSS 6.5 (medium): User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains…
CVE-2022-0486 — CVSS 4.4 (medium): Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an…
CVE-2022-0997 — CVSS 3.9 (low): Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with…