CVE-2022-0997 (GCVE-0-2022-0997)

Vulnerability from cvelistv5 – Published: 2022-05-17 19:31 – Updated: 2024-09-17 01:51
VLAI?
Summary
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
Severity ?
3.9 (Low)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Fidelis Cybersecurity Fidelis Network Affected: Fidelis Network , < 9.4.5 (custom)
Create a notification for this product.
    Fidelis Cybersecurity Fidelis Deception Affected: Fidelis Deception , < 9.4.5 (custom)
Create a notification for this product.
Credits
Henry Reed, The Aerospace Corporation
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:43.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "CentOS"
          ],
          "product": "Fidelis Network",
          "vendor": "Fidelis Cybersecurity",
          "versions": [
            {
              "lessThan": "9.4.5",
              "status": "affected",
              "version": "Fidelis Network",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "CentOS"
          ],
          "product": "Fidelis Deception",
          "vendor": "Fidelis Cybersecurity",
          "versions": [
            {
              "lessThan": "9.4.5",
              "status": "affected",
              "version": "Fidelis Deception",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Henry Reed, The Aerospace Corporation"
        }
      ],
      "datePublic": "2022-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Root level access"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-17T19:31:43",
        "orgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
        "shortName": "Fidelis"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Apply patches or upgrade to latest version"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Local Privilege Escalation Vulnerability in Fidelis Network and Deception",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@fidelissecurity.com",
          "DATE_PUBLIC": "2022-05-16T15:30:00.000Z",
          "ID": "CVE-2022-0997",
          "STATE": "PUBLIC",
          "TITLE": "Local Privilege Escalation Vulnerability in Fidelis Network and Deception"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fidelis Network",
                      "version": {
                        "version_data": [
                          {
                            "platform": "CentOS",
                            "version_affected": "\u003c",
                            "version_name": "Fidelis Network",
                            "version_value": "9.4.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fidelis Deception",
                      "version": {
                        "version_data": [
                          {
                            "platform": "CentOS",
                            "version_affected": "\u003c",
                            "version_name": "Fidelis Deception",
                            "version_value": "9.4.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fidelis Cybersecurity"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Henry Reed, The Aerospace Corporation"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Root level access"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276 Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
              "refsource": "CONFIRM",
              "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Apply patches or upgrade to latest version"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
    "assignerShortName": "Fidelis",
    "cveId": "CVE-2022-0997",
    "datePublished": "2022-05-17T19:31:43.358303Z",
    "dateReserved": "2022-03-16T00:00:00",
    "dateUpdated": "2024-09-17T01:51:19.514Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fidelissecurity:deception:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.4.5\", \"matchCriteriaId\": \"B47023FD-5C7C-4A2C-BFF7-7800FB6A33FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fidelissecurity:network:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.4.5\", \"matchCriteriaId\": \"3AF6ED2D-5AB3-4D21-AF34-9F0F517C46DD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Unos permisos de archivo inapropiados en los componentes CommandPost, Collector y Sensor de Fidelis Network and Deception permiten a un atacante con acceso local y administrativo a la CLI modificar los archivos de script afectados, lo que podr\\u00eda resultar en una ejecuci\\u00f3n de comandos arbitrarios como root tras el inicio de sesi\\u00f3n de un usuario root. La vulnerabilidad est\\u00e1 presente en Fidelis Network y Deception versiones anteriores a 9.4.5. Se presentan parches y actualizaciones disponibles para abordar esta vulnerabilidad\"}]",
      "id": "CVE-2022-0997",
      "lastModified": "2024-11-21T06:39:49.510",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@fidelissecurity.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 3.9, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-05-17T20:15:08.127",
      "references": "[{\"url\": \"https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411\", \"source\": \"security@fidelissecurity.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@fidelissecurity.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@fidelissecurity.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-0997\",\"sourceIdentifier\":\"security@fidelissecurity.com\",\"published\":\"2022-05-17T20:15:08.127\",\"lastModified\":\"2024-11-21T06:39:49.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Unos permisos de archivo inapropiados en los componentes CommandPost, Collector y Sensor de Fidelis Network and Deception permiten a un atacante con acceso local y administrativo a la CLI modificar los archivos de script afectados, lo que podr\u00eda resultar en una ejecuci\u00f3n de comandos arbitrarios como root tras el inicio de sesi\u00f3n de un usuario root. La vulnerabilidad est\u00e1 presente en Fidelis Network y Deception versiones anteriores a 9.4.5. Se presentan parches y actualizaciones disponibles para abordar esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@fidelissecurity.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":3.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@fidelissecurity.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fidelissecurity:deception:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.5\",\"matchCriteriaId\":\"B47023FD-5C7C-4A2C-BFF7-7800FB6A33FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fidelissecurity:network:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.5\",\"matchCriteriaId\":\"3AF6ED2D-5AB3-4D21-AF34-9F0F517C46DD\"}]}]}],\"references\":[{\"url\":\"https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411\",\"source\":\"security@fidelissecurity.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.