CVE-2021-29465

8.3 HIGH

📋 TL;DR

CVE-2021-29465 is a critical vulnerability in Discord-Recon bot versions 0.0.3 and earlier that allows remote attackers to overwrite arbitrary files on the system with command results, potentially leading to remote code execution. This affects anyone running vulnerable versions of the Discord-Recon bot on their Discord servers. Attackers can exploit this by sending specially crafted commands through Discord.

💻 Affected Systems

Products:
  • Discord-Recon
Versions: 0.0.3 and earlier
Operating Systems: All operating systems where Discord-Recon runs
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through remote code execution, allowing attackers to install malware, steal data, or pivot to other systems.
🟠 Likely Case: File system corruption or unauthorized data modification leading to service disruption and potential credential theft.
🟢 If Mitigated: Limited impact with proper network segmentation and least privilege, potentially only affecting the bot's isolated environment.

🌐 Internet-Facing: HIGH - The bot connects to Discord's internet-facing service, making it accessible to any Discord user who can interact with it.
🏢 Internal Only: LOW - The vulnerability requires interaction through Discord's external service, not internal network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires Discord access to send commands to the bot, but the vulnerability itself is simple to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.0.4

Vendor Advisory: https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-6pp2-rpj3-jcjx

Restart Required: Yes

Instructions:

1. Stop the Discord-Recon bot.
2. Update to version 0.0.4 or later using 'pip install --upgrade discord-recon'.
3. Restart the bot.

🔧 Temporary Workarounds

Edit settings.py workaround

Applies to: all

Modify the RCE variable in settings.py to add angle brackets, which prevents the file overwrite vulnerability.

Steps: Edit settings.py and modify the RCE variable to include the '<' and '>' characters.
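The blocklist check the workaround above relies on, with the weak setting beside the corrected one, plus a stricter alternative that never hands the Discord message to a shell at all. This is an added example, not Discord-Recon's own code; the shape of the RCE variable (a list of blocked substrings), the tool allowlist and the sample message are assumptions.

```python
import shlex
import subprocess

# Assumed shape of the weak setting: blocked substrings that cover command
# chaining but not shell redirection (the values are hypothetical).
RCE_WEAK = [";", "&&", "||", "|", "`", "$("]
# The workaround applied: the angle brackets are blocked as well.
RCE_FIXED = RCE_WEAK + ["<", ">"]
# Hypothetical allowlist of the recon tools the bot is meant to run.
ALLOWED_TOOLS = {"nmap", "whois", "dig"}
# Constructed sample message: a recon command with a redirection appended (the pattern the advisory describes).
SAMPLE_INPUT = "nmap -sV example.com > important.conf"


def is_blocked(user_input: str, blocklist) -> bool:
    """Substring blocklist check, the mechanism the workaround relies on."""
    return any(token in user_input for token in blocklist)


def build_argv(user_input: str) -> list:
    """Parse the message as an argument vector rather than a shell line.
    Redirection only exists when a shell parses the line: with shell=False
    a '>' token is an ordinary argument and the shell never opens a file.
    The allowlist confines execution to the intended tools, and any
    redirection-looking token is refused as defence in depth.
    """
    argv = shlex.split(user_input)
    if not argv or argv[0] not in ALLOWED_TOOLS:
        raise ValueError("tool not allowed")
    if any(tok.startswith(("<", ">")) for tok in argv[1:]):
        raise ValueError("redirection operator rejected")
    return argv


def argv_rejected(user_input: str) -> bool:
    """True if build_argv refuses the message."""
    try:
        build_argv(user_input)
    except ValueError:
        return True
    return False


def run_recon(user_input: str, timeout: int = 60) -> subprocess.CompletedProcess:
    """Run an allowlisted tool without a shell. A tool's own output flags
    (nmap's -oN, for example) can still write files, so each tool's
    arguments need their own allowlist on top of this."""
    return subprocess.run(build_argv(user_input), shell=False,
                          capture_output=True, text=True, timeout=timeout)
```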

🧯 If You Can't Patch

  • Immediately disable or remove the Discord-Recon bot from all Discord servers
  • Implement network segmentation to isolate the bot's host system from critical infrastructure

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Discord-Recon using 'pip show discord-recon' and verify whether it is 0.0.3 or earlier.

Check Version:

pip show discord-recon | grep Version

Verify Fix Applied:

Confirm the version is 0.0.4 or later using 'pip show discord-recon' and, if using the workaround, check that settings.py has been modified accordingly.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations by the Discord-Recon process
  • Multiple failed command attempts in Discord bot logs

Network Indicators:

  • Suspicious Discord API calls with file manipulation commands
  • Unexpected outbound connections from the bot host

SIEM Query:

process_name:"python" AND command_line:"discord-recon" AND (file_write:* OR file_modify:*)
