Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection Vulnerability in Fidelis Network and Deception
Vulnerability Description
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Fidelis Network Deception 操作系统命令注入漏洞
Vulnerability Description
Fidelis Network Deception是美国Fidelis公司的一款安全产品。用于检测威胁并防止数据丢失,有检测恶意行为、识别流量异常、自动响应高级威胁等功能。 Fidelis Network Deception 存在操作系统命令注入漏洞,该漏洞源于Fidelis Network 和 Deception CommandPost 中的漏洞可通过 Web 界面启用经过身份验证的命令注入。 攻击者可利用该漏洞允许特制的 HTTP 请求在 CommandPost 上执行系统命令,并在经过身份验证的会话
CVSS Information
N/A
Vulnerability Type
N/A