Fidelis Network Deception命令注入漏洞

Fidelis Network Deception is a security product from Fidelis USA. used to detect threats and prevent data loss, with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats.A command injection vulnerability exists in versions prior to Fidelis Network and Deception 9.4.5, which stems from the presence of the feed parameter of CommandPost when using the feed_comm_test value Command injection, an attacker can use this vulnerability to execute system commands via special HTTP requests.