VYPR

CommandPost

by Fidelis Cybersecurity

CVEs (2)

  • CVE-2021-35047CriJun 25, 2021
    risk 0.64cvss 9.9epss 0.02

    Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis…

  • CVE-2022-24393HigMay 17, 2022
    risk 0.57cvss 8.8epss 0.03

    Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system…