Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
References
Link | Resource |
---|---|
https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 | Permissions Required Vendor Advisory |
https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:38
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 4.4 |
References | () https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 - Permissions Required, Vendor Advisory |
Information
Published : 2022-05-17 20:15
Updated : 2024-11-21 06:38
NVD link : CVE-2022-0486
Mitre link : CVE-2022-0486
CVE.ORG link : CVE-2022-0486
JSON object : View
Products Affected
fidelissecurity
- network
- deception
CWE
CWE-276
Incorrect Default Permissions