Wiz
Vulnerability DatabaseCVE-2022-24394

CVE-2022-24394
NixOS vulnerability analysis and mitigation

Overview

A vulnerability was identified in Fidelis Network and Deception CommandPost affecting versions prior to 9.4.5. The vulnerability (CVE-2022-24394) was discovered and assigned on February 3, 2022, allowing authenticated command injection through the web interface using the 'update_checkfile' value for the 'filename' parameter (CVE Mitre).

Technical details

The vulnerability allows for authenticated command injection through the web interface, specifically exploiting the 'update_checkfile' value in the 'filename' parameter. When exploited, it enables the execution of system commands on the CommandPost and returns results in an HTTP response via an authenticated session (CVE Mitre).

Impact

If successfully exploited, this vulnerability allows attackers with authenticated access to execute system commands on the CommandPost system, potentially compromising the security and integrity of the Fidelis Network and Deception platform (CVE Mitre).

Mitigation and workarounds

Patches and updates have been made available to address this vulnerability. Users are advised to upgrade to Fidelis Network and Deception version 9.4.5 or later to mitigate this security issue (CVE Mitre).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-69264CRITICAL9.8
  • JavaScriptJavaScript
  • pnpm
NoYesJan 07, 2026
CVE-2025-69263HIGH8.8
  • JavaScriptJavaScript
  • pnpm
NoYesJan 07, 2026
CVE-2025-69262HIGH7.8
  • JavaScriptJavaScript
  • pnpm
NoYesJan 07, 2026
CVE-2026-21885MEDIUM6.5
  • NixOSNixOS
  • miniflux
NoYesJan 08, 2026
CVE-2026-22184MEDIUM4.6
  • NixOSNixOS
  • java-1.8.0-openjdk-demo
NoYesJan 07, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo