CVE-2024-56334

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 20, 2024
Updated: Dec 24, 2024
CWE ID 94

Summary

CVE-2024-56334 is a vulnerability affecting the systeminformation library for Node.js, specifically versions prior to 5.23.7. The issue lies in the `getWindowsIEEE8021x` function, where SSIDs are not properly sanitized before being passed to cmd.exe. Malicious content in the SSID can be executed as OS commands, potentially enabling remote code execution or local privilege escalation. Users are advised to upgrade to version 5.23.7 as no workarounds are available to mitigate this risk.
