Vulnerability Description
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fidelissecurity | Deception | < 9.3.3 |
| Fidelissecurity | Network | < 9.3.3 |
Related Weaknesses (CWE)
References
- https://support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-Permissions RequiredVendor Advisory
- https://www.securifera.com/blog/2021/06/24/operation-eagle-eye/ExploitThird Party Advisory
- https://support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-Permissions RequiredVendor Advisory
- https://www.securifera.com/blog/2021/06/24/operation-eagle-eye/ExploitThird Party Advisory
FAQ
What is CVE-2021-35050?
CVE-2021-35050 is a vulnerability with a CVSS score of 6.5 (MEDIUM). User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used ...
How severe is CVE-2021-35050?
CVE-2021-35050 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35050?
Check the references section above for vendor advisories and patch information. Affected products include: Fidelissecurity Deception, Fidelissecurity Network.