Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
References
Link | Resource |
---|---|
https://support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-News-and-Policies | Permissions Required Vendor Advisory |
https://www.securifera.com/blog/2021/06/24/operation-eagle-eye/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fidelis
Published: 2021-06-18T00:00:00
Updated: 2021-09-07T18:21:44
Reserved: 2021-06-18T00:00:00
Link: CVE-2021-35047
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-25T12:15:08.467
Modified: 2021-09-14T18:46:39.427
Link: CVE-2021-35047
JSON object: View
Redhat Information
No data.
CWE