CVE-2021-35049

Name of the Vulnerable Software and Affected Versions: Fidelis Network and Deception versions prior to 9.3.7 Fidelis Network and Deception version 9.4

Description: The issue allows authenticated command injection through the web interface, enabling a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session.

Recommendations: For versions prior to 9.3.7, update to version 9.3.7 or later to address the issue. For version 9.4, apply the available patches and updates to resolve the vulnerability. As a temporary workaround, consider restricting access to the web interface until a patch is applied.