cnvd - cnvd-2022-59170

CNVD-2022-59170

Vulnerability from cnvd - Published: 2022-08-25

Title

Fidelis Network Deception命令注入漏洞（CNVD-2022-59170）

Description

Fidelis Network Deception是美国Fidelis公司的一款安全产品。用于检测威胁并防止数据丢失，有检测恶意行为、识别流量异常、自动响应高级威胁等功能。 Fidelis Network Deception 9.4.5之前版本存在安全漏洞，该漏洞源于rconfig中的date存在问题。具有CLI用户级别访问权限的攻击者可利用该漏洞注入root级别的命令。

Severity

高

Patch Name

Fidelis Network Deception 命令注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411

Reference

https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411

Impacted products

Name
Fidelis Fidelis Network Deception <9.4.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-24388",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-24388"
    }
  },
  "description": "Fidelis Network Deception\u662f\u7f8e\u56fdFidelis\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u4ea7\u54c1\u3002\u7528\u4e8e\u68c0\u6d4b\u5a01\u80c1\u5e76\u9632\u6b62\u6570\u636e\u4e22\u5931\uff0c\u6709\u68c0\u6d4b\u6076\u610f\u884c\u4e3a\u3001\u8bc6\u522b\u6d41\u91cf\u5f02\u5e38\u3001\u81ea\u52a8\u54cd\u5e94\u9ad8\u7ea7\u5a01\u80c1\u7b49\u529f\u80fd\u3002\n\nFidelis Network Deception 9.4.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8erconfig\u4e2d\u7684date\u5b58\u5728\u95ee\u9898\u3002\u5177\u6709CLI\u7528\u6237\u7ea7\u522b\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165root\u7ea7\u522b\u7684\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-59170",
  "openTime": "2022-08-25",
  "patchDescription": "Fidelis Network Deception\u662f\u7f8e\u56fdFidelis\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u4ea7\u54c1\u3002\u7528\u4e8e\u68c0\u6d4b\u5a01\u80c1\u5e76\u9632\u6b62\u6570\u636e\u4e22\u5931\uff0c\u6709\u68c0\u6d4b\u6076\u610f\u884c\u4e3a\u3001\u8bc6\u522b\u6d41\u91cf\u5f02\u5e38\u3001\u81ea\u52a8\u54cd\u5e94\u9ad8\u7ea7\u5a01\u80c1\u7b49\u529f\u80fd\u3002\r\n\r\nFidelis Network Deception 9.4.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8erconfig\u4e2d\u7684date\u5b58\u5728\u95ee\u9898\u3002\u5177\u6709CLI\u7528\u6237\u7ea7\u522b\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165root\u7ea7\u522b\u7684\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fidelis Network Deception \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": "Fidelis Fidelis Network Deception \u003c9.4.5"
  },
  "referenceLink": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
  "serverity": "\u9ad8",
  "submitTime": "2022-05-19",
  "title": "Fidelis Network Deception\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2022-59170\uff09"
}

CVE-2022-24388 (GCVE-0-2022-24388)

Vulnerability from cvelistv5 – Published: 2022-05-17 19:30 – Updated: 2024-09-16 20:17

Summary

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Assigner

Fidelis

References

URL

Tags

https://fidelissecurity.zendesk.com/hc/en-us/arti…

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Fidelis Cybersecurity

Fidelis Network

Affected: Fidelis Network , < 9.4.5 (custom)

Fidelis Cybersecurity

Fidelis Deception

Affected: Fidelis Deception , < 9.4.5 (custom)

Credits

Ryan Wincey, Securifera

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:07:02.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "CentOS"
          ],
          "product": "Fidelis Network",
          "vendor": "Fidelis Cybersecurity",
          "versions": [
            {
              "lessThan": "9.4.5",
              "status": "affected",
              "version": "Fidelis Network",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "CentOS"
          ],
          "product": "Fidelis Deception",
          "vendor": "Fidelis Cybersecurity",
          "versions": [
            {
              "lessThan": "9.4.5",
              "status": "affected",
              "version": "Fidelis Deception",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ryan Wincey, Securifera"
        }
      ],
      "datePublic": "2022-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in rconfig \u201cdate\u201d enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Root level access"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-17T19:30:26",
        "orgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
        "shortName": "Fidelis"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Apply patches or upgrade to latest version"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@fidelissecurity.com",
          "DATE_PUBLIC": "2022-05-16T15:30:00.000Z",
          "ID": "CVE-2022-24388",
          "STATE": "PUBLIC",
          "TITLE": "Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fidelis Network",
                      "version": {
                        "version_data": [
                          {
                            "platform": "CentOS",
                            "version_affected": "\u003c",
                            "version_name": "Fidelis Network",
                            "version_value": "9.4.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fidelis Deception",
                      "version": {
                        "version_data": [
                          {
                            "platform": "CentOS",
                            "version_affected": "\u003c",
                            "version_name": "Fidelis Deception",
                            "version_value": "9.4.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fidelis Cybersecurity"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ryan Wincey, Securifera"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in rconfig \u201cdate\u201d enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Root level access"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
              "refsource": "CONFIRM",
              "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Apply patches or upgrade to latest version"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
    "assignerShortName": "Fidelis",
    "cveId": "CVE-2022-24388",
    "datePublished": "2022-05-17T19:30:26.070523Z",
    "dateReserved": "2022-02-03T00:00:00",
    "dateUpdated": "2024-09-16T20:17:22.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-59170

CVE-2022-24388 (GCVE-0-2022-24388)

Tags

Sightings

Nomenclature