CVE-2021-41805 PoC — Hashicorp HashiCorp Consul security vulnerability

Associated Vulnerability
Title: Hashicorp HashiCorp Consul security vulnerability (CVE-2021-41805)
Description: Hashicorp HashiCorp Consul is a distributed, highly available, datacenter-aware solution from the US company HashiCorp. The product is used to connect and configure applications across dynamic, distributed infrastructure. HashiCorp Consul Enterprise contains a security vulnerability that an attacker can use to escalate privileges. The following products and versions are affected: HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4.
Description
HashiCorp Consul exploit written in Python (CVE-2021-41805).
Readme
# **CVE-2021-41805**
### **Hashicorp Consul RCE via API**

**HashiCorp Consul** Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
 
## Summary   
CVE_ID              : CVE-2021-41805   
Base Score          : 8.8  
Severity            : High   
Issued on           : 2021-12-12   
Affected Versions   : HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4   
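As an added defender-side example (not code from the PoC repository or from HashiCorp), the following Python script classifies a Consul version string, or the `Config.Version` field of a `GET /v1/agent/self` response, against the affected ranges listed above. It assumes that Consul Enterprise builds report a `+ent` build tag (the advisory scopes the issue to Enterprise, so strings without the tag are reported as not affected) and that the agent self-endpoint exposes its version under `Config.Version`; the sample response embedded in the script is constructed.

```python
"""Inventory check for CVE-2021-41805: does a Consul build fall inside the
affected ranges?  Added example; not part of the PoC repository."""
import json
import re
from typing import Tuple

# Affected ranges from the advisory, keyed by release series -> first fixed build:
# Enterprise before 1.8.17, 1.9.x before 1.9.11, 1.10.x before 1.10.4.
FIXED_IN = {
    (1, 8): (1, 8, 17),
    (1, 9): (1, 9, 11),
    (1, 10): (1, 10, 4),
}

# Loose semver: optional "v", MAJOR.MINOR.PATCH, optional -prerelease, optional +build.
VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?(?:\+([0-9A-Za-z.]+))?$"
)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], str, str]:
    """Split '1.10.3+ent' into ((1, 10, 3), prerelease, build_metadata)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Consul version string: {text!r}")
    core = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return core, m.group(4) or "", m.group(5) or ""


def is_enterprise(build_metadata: str) -> bool:
    # Assumption: Enterprise binaries tag their version with "+ent" (e.g. 1.10.3+ent);
    # a string without it is treated as Consul OSS, which the advisory does not cover.
    return "ent" in build_metadata.split(".")


def is_affected(version: str) -> bool:
    """True if the Enterprise build falls inside an affected range."""
    core, prerelease, build = parse_version(version)
    if not is_enterprise(build):
        return False
    series = core[:2]
    if series in FIXED_IN:
        fixed = FIXED_IN[series]
        if core < fixed:
            return True
        # A pre-release of the fix version itself (e.g. 1.10.4-rc1) still predates the fix.
        return core == fixed and bool(prerelease)
    # Series older than 1.8 predate every fixed build ("before 1.8.17");
    # 1.11 and later were released after the fixes and are not listed as affected.
    return series < (1, 8)


def assess_agent_self(body: str) -> Tuple[str, bool]:
    """Extract Config.Version from a GET /v1/agent/self JSON body and classify it.

    Assumption: the agent self-endpoint reports its version under Config.Version.
    """
    doc = json.loads(body)
    version = doc["Config"]["Version"]
    return version, is_affected(version)


# Constructed sample of an agent self-response; not captured from a real cluster.
SAMPLE_AGENT_SELF = json.dumps(
    {"Config": {"Datacenter": "dc1", "NodeName": "consul-server-1", "Version": "1.10.3+ent"}}
)

if __name__ == "__main__":
    for v in ("1.8.16+ent", "1.8.17+ent", "1.9.10+ent", "1.10.3+ent",
              "1.10.4+ent", "1.11.0+ent", "1.10.3"):
        print(f"{v:<12} affected={is_affected(v)}")
    print("agent/self sample ->", assess_agent_self(SAMPLE_AGENT_SELF))
```

The version-string path is what a fleet inventory usually already has; the `assess_agent_self` helper covers the case where only the raw agent response was collected. Pre-release tags are treated as older than the release they precede, so a release candidate of a fix version is still flagged.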

## References
[https://www.cvedetails.com/cve/CVE-2021-41805/](https://www.cvedetails.com/cve/CVE-2021-41805/)

[https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871](https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871)

[https://security.netapp.com/advisory/ntap-20211229-0007/](https://security.netapp.com/advisory/ntap-20211229-0007/)


## Impact
The exploit yields a reverse shell with root access.


## Usage
```
git clone https://github.com/I-Am-Nelson/CVE-2021-41805.git
cd CVE-2021-41805
```
Then start the listener:
```
sudo nc -lvnp <port>
```
Then run the exploit:
```
python3 CVE-2021-41805.py
```

File Snapshot

```
[4.0K] /data/pocs/f43b62d7beca9236b9a09664f2027ec472fd23a1
├── [1.5K] exploit.py
└── [1.3K] README.md

0 directories, 2 files
```