ID

VAR-202104-0697


CVE

CVE-2021-21433


TITLE

Discord Recon Server code injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-34351

DESCRIPTION

Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server, resulting in serious issues. This flaw is patched in 0.0.2.

Trust: 1.53

sources: NVD: CVE-2021-21433 // CNVD: CNVD-2021-34351 // VULMON: CVE-2021-21433

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-34351

AFFECTED PRODUCTS

vendor: demon1a, model: discord-recon, scope: lt, version: 0.0.2

Trust: 1.0

vendor: discord, model: recon server, scope: eq, version: 0.0.1

Trust: 0.6

sources: CNVD: CNVD-2021-34351 // NVD: CVE-2021-21433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21433
value: HIGH

Trust: 1.0

security-advisories@github.com: CVE-2021-21433
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2021-34351
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-619
value: HIGH

Trust: 0.6

VULMON: CVE-2021-21433
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21433
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-34351
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-21433
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security-advisories@github.com: CVE-2021-21433
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-34351 // VULMON: CVE-2021-21433 // CNNVD: CNNVD-202104-619 // NVD: CVE-2021-21433 // NVD: CVE-2021-21433

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2021-21433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-619

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-619

PATCH

title: Patch for Discord Recon Server code injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/264556

Trust: 0.6

title: Discord Recon Server Fixes for code injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=147353

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2021-21433

Trust: 0.1

sources: CNVD: CNVD-2021-34351 // VULMON: CVE-2021-21433 // CNNVD: CNNVD-202104-619

EXTERNAL IDS

db: NVD, id: CVE-2021-21433

Trust: 2.3

db: CNVD, id: CNVD-2021-34351

Trust: 0.6

db: CNNVD, id: CNNVD-202104-619

Trust: 0.6

db: VULMON, id: CVE-2021-21433

Trust: 0.1

sources: CNVD: CNVD-2021-34351 // VULMON: CVE-2021-21433 // CNNVD: CNNVD-202104-619 // NVD: CVE-2021-21433

REFERENCES

url:https://github.com/demon1a/discord-recon/security/advisories/ghsa-65fm-5x64-gv9x

Trust: 1.7

url:https://github.com/demon1a/discord-recon/commit/26e2a084679679cccdeeabbb6889ce120eff7e50

Trust: 1.7

url:https://github.com/demon1a/discord-recon/issues/6

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-21433

Trust: 1.2

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-21433

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-34351 // VULMON: CVE-2021-21433 // CNNVD: CNNVD-202104-619 // NVD: CVE-2021-21433

SOURCES

db: CNVD, id: CNVD-2021-34351
db: VULMON, id: CVE-2021-21433
db: CNNVD, id: CNNVD-202104-619
db: NVD, id: CVE-2021-21433

LAST UPDATE DATE

2024-11-23T22:37:02.507000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-34351, date: 2021-05-13T00:00:00
db: VULMON, id: CVE-2021-21433, date: 2022-10-24T00:00:00
db: CNNVD, id: CNNVD-202104-619, date: 2022-10-25T00:00:00
db: NVD, id: CVE-2021-21433, date: 2024-11-21T05:48:21.150

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-34351, date: 2021-05-13T00:00:00
db: VULMON, id: CVE-2021-21433, date: 2021-04-09T00:00:00
db: CNNVD, id: CNNVD-202104-619, date: 2021-04-09T00:00:00
db: NVD, id: CVE-2021-21433, date: 2021-04-09T18:15:13.693