A vital command injection vulnerability within the fashionable systeminformation npm bundle has lately been disclosed, exposing hundreds of thousands of methods to potential distant code execution (RCE) and privilege escalation assaults.
The vulnerability, assigned CVE-2024-56334, highlights the significance of safe coding practices when coping with untrusted consumer enter.
The vulnerability resides within the getWindowsIEEE8021x operate of the systeminformation bundle, particularly affecting variations ≤5.23.6.
The difficulty stems from insufficient sanitization of the Wi-Fi SSID discipline, which is handed instantly as a parameter to Home windows’ cmd.exe. This enables attackers to inject malicious payloads that may be executed as working system instructions.
2024 MITRE ATT&CK Analysis Outcomes for SMEs & MSPs -> Obtain Free Information
Particulars of the Vulnerability
In keeping with the GitHub experiences, the flaw was found in how the SSID is obtained and processed.
The SSID is retrieved utilizing the netsh wlan present interface command and subsequently handed to cmd.exe /d /s /c “netsh wlan present profiles”.
The SSID discipline just isn’t sanitized earlier than being handed to the command, permitting attackers to craft malicious SSID names that may execute arbitrary instructions on the sufferer’s system.
Proof of Idea (PoC)
The next steps exhibit the vulnerability:
- Crafting a Malicious SSID: An attacker can set the SSID of a hotspot to incorporate a command injection payload, reminiscent of:
- a” | ping /t 127.0.0.1 &
- a” | %SystemDrivepercentaa.exe &
- Connecting to the Malicious Community: The sufferer connects to the malicious SSID utilizing a susceptible system.
- Executing the Exploit: The attacker executes the susceptible operate by way of the bundle:
const si = require('systeminformation');si.networkInterfaces((web) => { console.log(web) });This exploit permits the execution of arbitrary instructions, reminiscent of working executables or creating an indefinite ping loop.
Affected and Patched Variations
Listed below are the affected and patched variations of the systeminformation bundle introduced in a desk format for higher readability:
| Model Standing | Model | Particulars |
| Affected Variations | ≤ 5.23.6 | Susceptible to the command injection flaw. |
| Patched Model | 5.23.7 | Vulnerability mounted; sanitization applied. |
The influence of the vulnerability is extreme and poses important safety dangers. Exploiting this flaw can allow distant code execution (RCE) or native privilege escalation, relying on how the systeminformation bundle is used inside an software.
By injecting malicious instructions via a specifically crafted Wi-Fi SSID, attackers can execute arbitrary instructions, doubtlessly gaining unauthorized entry to methods, exfiltrating delicate knowledge, or disrupting operations.
The vulnerability compromises the confidentiality, integrity, and availability of the affected methods, with a CVSS v3 base rating of 10.0 (Excessive) indicating the vital nature of the difficulty. Builders should act swiftly to patch their methods and forestall potential exploitation.
The vulnerability was reported by safety researcher @xAiluros, who documented the difficulty and the proof of idea.
The writer of the bundle, sebhildebrandt, rapidly addressed the difficulty by releasing a patched model. Builders counting on the systeminformation bundle ought to act promptly to safe their methods in opposition to this vital flaw.
Examine Actual-World Malicious Hyperlinks, Malware & Phishing Assaults With ANY.RUN – Strive for Free
