Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privileged Command Injection Vulnerability in Fidelis Network and Deception
Vulnerability Description
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Fidelis Network Deception 操作系统命令注入漏洞
Vulnerability Description
Fidelis Network Deception是美国Fidelis公司的一款安全产品。用于检测威胁并防止数据丢失,有检测恶意行为、识别流量异常、自动响应高级威胁等功能。 Fidelis Network Deception 存在安全漏洞,该漏洞源于Fidelis Network 和 Deception 的 CommandPost、Collector 和 Sensor 组件中的漏洞使具有 CLI 用户级访问权限的攻击者能够将根级命令注入到该组件和相邻的 Fidelis 组件中。
CVSS Information
N/A
Vulnerability Type
N/A