CVE-2024-56334
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Dec 20, 2024
Updated: Dec 24, 2024
CWE ID 94
Summary
CVE-2024-56334 is a vulnerability affecting the systeminformation library for node.js, specifically versions prior to 5.23.7. The issue lies in the `getWindowsIEEE8021x` function where SSIDs are not properly sanitized before being passed to cmd.exe. Malicious content in the SSID can be executed as OS commands, potentially enabling remote code execution or local privilege escalation. Users are advised to upgrade to version 5.23.7 as no workarounds are available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share