CVE-2022-24393

Name of the Vulnerable Software and Affected Versions Fidelis Network and Deception versions prior to 9.4.5

Description The issue allows authenticated command injection through the web interface using the check vertica upgrade value for the cpIp parameter. This could enable a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session.

Recommendations For versions prior to 9.4.5, update to version 9.4.5 or later to address this issue. As a temporary workaround, consider restricting access to the web interface or limiting the use of the cpIp parameter until a patch is applied.