CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
References
Link Resource
https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 Permissions Required Vendor Advisory
https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 Permissions Required Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fidelissecurity:deception:*:*:*:*:*:*:*:*
cpe:2.3:a:fidelissecurity:network:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:38

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : 7.8
v2 : 7.2
v3 : 4.4
References () https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 - Permissions Required, Vendor Advisory () https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 - Permissions Required, Vendor Advisory

Information

Published : 2022-05-17 20:15

Updated : 2024-11-21 06:38


NVD link : CVE-2022-0486

Mitre link : CVE-2022-0486

CVE.ORG link : CVE-2022-0486


JSON object : View

Products Affected

fidelissecurity

  • network
  • deception
CWE
CWE-276

Incorrect Default Permissions