Login Sign Up

CVE-2022-24388

8.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows an attacker with user-level CLI access to inject root-level commands via the rconfig 'date' parameter in Fidelis Network and Deception components. It affects CommandPost, Collector, Sensor, Sandbox, and neighboring Fidelis components. Users of versions prior to 9.4.5 are at risk.

💻 Affected Systems

Products:
  • Fidelis Network CommandPost
  • Fidelis Network Collector
  • Fidelis Network Sensor
  • Fidelis Network Sandbox
  • Fidelis Deception CommandPost
  • Fidelis Deception Collector
  • Fidelis Deception Sensor
  • Fidelis Deception Sandbox
Versions: All versions prior to 9.4.5
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user-level CLI access to exploit; affects both Network and Deception product lines.

📦 What is this software?

Deception by Fidelissecurity

View all CVEs affecting Deception →

Network by Fidelissecurity

View all CVEs affecting Network →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with root-level command execution, enabling data theft, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Privilege escalation from user to root access, allowing attackers to execute arbitrary commands and potentially compromise the entire Fidelis deployment.

🟢

If Mitigated

Limited impact if proper access controls restrict CLI access and network segmentation isolates vulnerable components.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing user-level CLI access; command injection via rconfig date parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.4.5

Vendor Advisory: https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411

Restart Required: Yes

Instructions:

1. Download patch from Fidelis support portal. 2. Apply patch to all affected components. 3. Restart services/components as required.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit CLI access to trusted administrators only using RBAC and network controls.

Network Segmentation

all

Isolate Fidelis components from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict access controls to limit CLI access to essential personnel only.
  • Monitor CLI activity logs for suspicious command injection patterns.

🔍 How to Verify

Check if Vulnerable:

Check Fidelis component version via admin interface or CLI; if version is below 9.4.5, system is vulnerable.

Check Version:

fidelis-version-check (specific command may vary by component)

Verify Fix Applied:

Verify version is 9.4.5 or higher after patch application and test rconfig date functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CLI activity from non-admin users
  • Command injection patterns in rconfig date parameter logs
  • Privilege escalation attempts

Network Indicators:

  • Unexpected outbound connections from Fidelis components
  • Anomalous traffic patterns post-CLI access

SIEM Query:

source="fidelis_logs" AND (event="cli_access" OR command="rconfig date") AND user!="admin"

📊 Metadata

CVE ID: CVE-2022-24388
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78
Published: May 17, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24388, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)