cnvd - cnvd-2022-59173

CNVD-2022-59173

Vulnerability from cnvd - Published: 2022-08-24

Title

Fidelis Network Deception命令注入漏洞

Description

Fidelis Network Deception是美国Fidelis公司的一款安全产品。用于检测威胁并防止数据丢失，有检测恶意行为、识别流量异常、自动响应高级威胁等功能。 Fidelis Network and Deception 9.4.5之前版本存在命令注入漏洞，该漏洞源于CommandPost的feed参数在使用feed_comm_test值时存在命令注入，攻击者可利用该漏洞通过特殊的HTTP请求执行系统命令。

Severity

高

Patch Name

Fidelis Network Deception命令注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411

Reference

https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411

Impacted products

Name
Fidelis Fidelis Network and Deception <9.4.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-24392",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-24392"
    }
  },
  "description": "Fidelis Network Deception\u662f\u7f8e\u56fdFidelis\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u4ea7\u54c1\u3002\u7528\u4e8e\u68c0\u6d4b\u5a01\u80c1\u5e76\u9632\u6b62\u6570\u636e\u4e22\u5931\uff0c\u6709\u68c0\u6d4b\u6076\u610f\u884c\u4e3a\u3001\u8bc6\u522b\u6d41\u91cf\u5f02\u5e38\u3001\u81ea\u52a8\u54cd\u5e94\u9ad8\u7ea7\u5a01\u80c1\u7b49\u529f\u80fd\u3002\n\nFidelis Network and Deception 9.4.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eCommandPost\u7684feed\u53c2\u6570\u5728\u4f7f\u7528feed_comm_test\u503c\u65f6\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u6b8a\u7684HTTP\u8bf7\u6c42\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-59173",
  "openTime": "2022-08-24",
  "patchDescription": "Fidelis Network Deception\u662f\u7f8e\u56fdFidelis\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u4ea7\u54c1\u3002\u7528\u4e8e\u68c0\u6d4b\u5a01\u80c1\u5e76\u9632\u6b62\u6570\u636e\u4e22\u5931\uff0c\u6709\u68c0\u6d4b\u6076\u610f\u884c\u4e3a\u3001\u8bc6\u522b\u6d41\u91cf\u5f02\u5e38\u3001\u81ea\u52a8\u54cd\u5e94\u9ad8\u7ea7\u5a01\u80c1\u7b49\u529f\u80fd\u3002\r\n\r\nFidelis Network and Deception 9.4.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eCommandPost\u7684feed\u53c2\u6570\u5728\u4f7f\u7528feed_comm_test\u503c\u65f6\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u6b8a\u7684HTTP\u8bf7\u6c42\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fidelis Network Deception\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Fidelis Fidelis Network and Deception \u003c9.4.5"
  },
  "referenceLink": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
  "serverity": "\u9ad8",
  "submitTime": "2022-05-19",
  "title": "Fidelis Network Deception\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2022-24392 (GCVE-0-2022-24392)

Vulnerability from cvelistv5 – Published: 2022-05-17 19:26 – Updated: 2024-09-16 16:12

Summary

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Assigner

Fidelis

References

URL

Tags

https://fidelissecurity.zendesk.com/hc/en-us/arti…

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Fidelis Cybersecurity

Fidelis Network

Affected: Fidelis Network , < 9.4.5 (custom)

Fidelis Cybersecurity

Fidelis Deception

Affected: Fidelis Deception , < 9.4.5 (custom)

Credits

Ryan Wincey, Securifera

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:07:02.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "CentOS"
          ],
          "product": "Fidelis Network",
          "vendor": "Fidelis Cybersecurity",
          "versions": [
            {
              "lessThan": "9.4.5",
              "status": "affected",
              "version": "Fidelis Network",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "CentOS"
          ],
          "product": "Fidelis Deception",
          "vendor": "Fidelis Cybersecurity",
          "versions": [
            {
              "lessThan": "9.4.5",
              "status": "affected",
              "version": "Fidelis Deception",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ryan Wincey, Securifera"
        }
      ],
      "datePublic": "2022-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the \u201cfeed_comm_test\u201d value for the \u201cfeed\u201d parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Root level access"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-17T19:26:01",
        "orgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
        "shortName": "Fidelis"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Apply patches or upgrade to latest version"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authenticated Command Injection Vulnerability in Fidelis Network and Deception",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@fidelissecurity.com",
          "DATE_PUBLIC": "2022-05-16T15:30:00.000Z",
          "ID": "CVE-2022-24392",
          "STATE": "PUBLIC",
          "TITLE": "Authenticated Command Injection Vulnerability in Fidelis Network and Deception"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fidelis Network",
                      "version": {
                        "version_data": [
                          {
                            "platform": "CentOS",
                            "version_affected": "\u003c",
                            "version_name": "Fidelis Network",
                            "version_value": "9.4.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fidelis Deception",
                      "version": {
                        "version_data": [
                          {
                            "platform": "CentOS",
                            "version_affected": "\u003c",
                            "version_name": "Fidelis Deception",
                            "version_value": "9.4.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fidelis Cybersecurity"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ryan Wincey, Securifera"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the \u201cfeed_comm_test\u201d value for the \u201cfeed\u201d parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Root level access"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
              "refsource": "CONFIRM",
              "url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Apply patches or upgrade to latest version"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
    "assignerShortName": "Fidelis",
    "cveId": "CVE-2022-24392",
    "datePublished": "2022-05-17T19:26:01.470821Z",
    "dateReserved": "2022-02-03T00:00:00",
    "dateUpdated": "2024-09-16T16:12:26.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-59173

CVE-2022-24392 (GCVE-0-2022-24392)

Tags

Sightings

Nomenclature