Giters

nelsondurairaj / CVE-2021-41805

HashiCorp Consul exploit with python. (CVE-2021-41805)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2021-41805

Hashicorp Consul RCE via API

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

Summary

CVE_ID : CVE-2021-41805
Base Score : 8.8
Severity : High
Issued on : 2021-12-12
Affected Versions : HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4

References

https://www.cvedetails.com/cve/CVE-2021-41805/

https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871

https://security.netapp.com/advisory/ntap-20211229-0007/

Impact

Get a reverse shell, and get root access.

Usage

git clone https://github.com/I-Am-Nelson/CVE-2021-41805.git
cd CVE-2021-41805

Then start the listener:

sudo nc -lvnp <port>

Then run the exploit:

python3 CVE-2021-41805.py

About

HashiCorp Consul exploit with python. (CVE-2021-41805)

Languages

Language:Python 100.0%