Is CVE-2021-21388 actively exploited?

CVE-2021-21388 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-21388?

CVE-2021-21388 has a CVSS score of 8.9 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H.

How do I patch CVE-2021-21388?

Patch guidance is available from systeminformation security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-21388.

Which products are affected by CVE-2021-21388?

1 product: systeminformation systeminformation.

Fix CVE-2021-21388 - HIGH | CVEDatabase.com

Description

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: required
Scope: changed
Confidentiality: high
Integrity: low
Availability: high
Weaknesses: CWE-20 · Improper Input Validation CWE-78 · OS Command Injection CWE-78 · OS Command Injection

Metadata

Primary Vendor: SYSTEMINFORMATION
Published: 4/29/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2021-21388

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary