CVE-2024-21663

9.9 CRITICAL

📋 TL;DR

Discord-Recon, a Discord bot for bug bounty automation, is vulnerable to remote code execution (RCE) allowing attackers to execute shell commands on the server without admin privileges. This affects users running vulnerable versions of the bot, potentially compromising the host system and sensitive data. The vulnerability has been fixed in version 0.0.8.

💻 Affected Systems

Products:
  • Discord-Recon
Versions: Versions before 0.0.8
Operating Systems: All, as it's a Node.js application
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is present in default configurations of affected versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full compromise of the host system, leading to data theft, lateral movement, or deployment of malware.

🟠 Likely Case: Unauthorized access to execute arbitrary commands, potentially disrupting operations or stealing sensitive information.

🟢 If Mitigated: Limited impact if proper access controls and isolation are in place, but risk remains if exploited.

🌐 Internet-Facing: HIGH, as Discord bots are typically internet-facing and accessible via Discord servers, increasing exposure.
🏢 Internal Only: LOW, since the bot is designed for external use via Discord, but internal misuse could still occur.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to Discord commands but not admin roles, making it relatively easy for attackers with basic access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.0.8

Vendor Advisory: https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7

Restart Required: Yes

Instructions:

1. Update Discord-Recon to version 0.0.8 or later.
2. Restart the bot to apply the patch.
3. Verify the update by checking the version.

🔧 Temporary Workarounds

Restrict Discord Access (applies to: all)

Limit bot access to trusted users only by adjusting Discord server permissions.

Isolate Bot Environment (applies to: linux)

Run the bot in a sandboxed or containerized environment to limit potential damage from RCE, for example starting from a minimal Node image:

docker run --rm -it node:alpine

🧯 If You Can't Patch

  • Disable or remove the Discord-Recon bot until patching is possible.
  • Implement strict network segmentation and monitoring to detect and block exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check the Discord-Recon version; if it's below 0.0.8, it is vulnerable.

Check Version:

node -e "console.log(require('./package.json').version)" (run in bot directory)

Verify Fix Applied:

After updating, confirm the version is 0.0.8 or higher and test that RCE commands no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual shell command executions in bot logs
  • Error messages related to command injection

Network Indicators:

  • Suspicious outbound connections from the bot server
  • Unexpected data exfiltration

SIEM Query:

source="discord-recon.log" AND (command="*sh*" OR command="*exec*")
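An offline equivalent of the query above, as an added example (not code from the advisory or from the Discord-Recon project): it parses constructed key=value bot log lines, flags commands matching the same "*sh*" / "*exec*" globs, and notes when such a command was issued by a non-admin user, which is the condition this CVE describes. The log line format and the field names (user, role, command, args) are assumptions.

```javascript
// Added example; the key=value log format below is an assumption, not the
// project's real log format.

// Translate a SIEM-style glob such as "*exec*" into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$', 'i');
}

// Mirrors the advisory's query: command="*sh*" OR command="*exec*"
const SHELL_PATTERNS = ['*sh*', '*exec*'].map(globToRegExp);

// Parse one line, e.g.
//   2024-01-08T10:15:02Z user=4242 role=member command=exec args="id"
// into { user, role, command, args }; values may be double-quoted.
function parseLogLine(line) {
  const entry = {};
  const re = /(\w+)=("([^"]*)"|\S+)/g;
  let m;
  while ((m = re.exec(line)) !== null) {
    entry[m[1]] = m[3] !== undefined ? m[3] : m[2];
  }
  return entry;
}

// Return the entries an analyst would alert on, each with a reason.
function scanLogLines(lines) {
  const hits = [];
  for (const line of lines) {
    const e = parseLogLine(line);
    if (!e.command) continue;
    if (!SHELL_PATTERNS.some((p) => p.test(e.command))) continue;
    const reason = e.role === 'admin'
      ? 'shell-like command (admin)'
      : 'shell-like command by non-admin user';
    hits.push({ user: e.user, command: e.command, reason });
  }
  return hits;
}

// Constructed sample log lines (not from a real deployment).
const SAMPLE_LOG = [
  '2024-01-08T10:15:01Z user=1001 role=admin command=subfinder args="example.com"',
  '2024-01-08T10:15:02Z user=4242 role=member command=exec args="id"',
  '2024-01-08T10:15:03Z user=4242 role=member command=shell args="uname -a"',
  '2024-01-08T10:15:04Z user=1001 role=admin command=help',
];

console.log(scanLogLines(SAMPLE_LOG));
```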
