CVE-2021-37219

8.8HIGH

Key Information

Vendor: Hashicorp
Status: Consul
Vendor: CVE Published:; 7 September 2021

Summary

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 7, 2021
Vulnerability Reserved.
Jul 21, 2021

Collectors

NVD DatabaseMitre Database