{"id":7428,"date":"2022-03-17T15:39:01","date_gmt":"2022-03-17T22:39:01","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7428"},"modified":"2023-04-05T12:34:55","modified_gmt":"2023-04-05T19:34:55","slug":"after-a-year-dhs-cisa-adds-cve-2021-21315-to-kevs-catalog","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/after-a-year-dhs-cisa-adds-cve-2021-21315-to-kevs-catalog\/","title":{"rendered":"After a year, DHS CISA Adds CVE-2021-21315 to KEVs Catalog!"},"content":{"rendered":"
In 2021, a remote code execution vulnerability was discovered in the System Information Library for Node.JS, an open-source collection of functions that aid in retrieving detailed information about CPU, hardware, battery, network, services, and system processes.<\/p>\n
<\/p>\n
\nMore than 56,000 open instances of NodeJs packages are exposed to the remote code injection bug, with 38% of them in the United States and 9% in China. Further, cyber research intelligence reports that this CVE 2021-21315 is hotly discussed on dark forums among hackers, posing a high threat to numerous organizations.<\/strong><\/p>\n<\/blockquote>\n
<\/p>\n
This vulnerability is tracked as CVE 2021-21315<\/a> and earned a CVSS v3 score of 7.8 (high). In this case, the RCE bug falls under a vulnerability category described as CWE-78 that leads to Improper Neutralization of Special Elements used in an OS Command, ranking fifth<\/a> in the Top 25 Software Weaknesses.<\/p>\n
<\/p>\n
\nInterestingly enough, over a year of CVE disclosure, CISA added this CVE to its catalog of Known Exploited Vulnerabilities (KEV), urging organizations to patch it immediately.<\/strong><\/p>\n<\/blockquote>\n
<\/p>\n
A researcher from Cyber Security Works (CSW) took a deep dive into this NodeJs CVE 2021-21315 vulnerability and developed a Proof-of-Concept<\/a> exploit code.<\/p>\n
Vulnerability Analysis<\/h2>\n
The following *index.js* script creates an application with two endpoints – *\/api\/getServices* and *\/api\/checkSite* displayed, which each use the libraries function to check if a background service is running and if a URL is accessible, respectively.<\/p>\n
<\/p>\n