CVE-2021-41805

Hashicorp Consul RCE via API

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

Summary

CVE_ID : CVE-2021-41805
Base Score : 8.8
Severity : High
Issued on : 2021-12-12
Affected Versions : HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4

References

https://www.cvedetails.com/cve/CVE-2021-41805/

https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871

https://security.netapp.com/advisory/ntap-20211229-0007/

Impact

Get a reverse shell, and get root access.

Usage

git clone https://github.com/I-Am-Nelson/CVE-2021-41805.git
cd CVE-2021-41805

Then start the listener:

sudo nc -lvnp <port>

Then run the exploit:

python3 CVE-2021-41805.py

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

exploit.py

exploit.py

Repository files navigation

CVE-2021-41805

Hashicorp Consul RCE via API

Summary

References

Impact

Usage

About

Releases

Packages

Languages

blackm4c/CVE-2021-41805

Folders and files

Latest commit

History

README.md

README.md

exploit.py

exploit.py

Repository files navigation

CVE-2021-41805

Hashicorp Consul RCE via API

Summary

References

Impact

Usage

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages