## https://sploitus.com/exploit?id=42B24F68-C6D4-5B32-AB58-EDFB1C7C67F6
# **CVE-2021-41805**
### **HashiCorp Consul RCE via API**
**HashiCorp Consul** Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
## Summary
- CVE ID: CVE-2021-41805
- Base Score: 8.8
- Severity: High
- Issued on: 2021-12-12
- Affected Versions: HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4
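
A defender-side check for the affected ranges listed above, added here as an example (it is not part of the original repository): it flags Consul Enterprise version strings that fall below the fixed releases. The `+ent` build-metadata convention for Enterprise builds and the sample inventory are assumptions.

```python
import re

# Fixed release per release line, taken from the advisory text above.
FIXED = {(1, 8): (1, 8, 17), (1, 9): (1, 9, 11), (1, 10): (1, 10, 4)}

# MAJOR.MINOR.PATCH with optional "v" prefix, "-prerelease" and "+build" parts.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?(?:\+([0-9A-Za-z.-]+))?$")

def parse_version(raw):
    """Return ((major, minor, patch), is_enterprise) for a Consul version string."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    # Assumption: Enterprise builds carry "ent" in the build metadata ("1.9.10+ent").
    build = m.group(4) or ""
    return core, "ent" in build.split(".")

def is_affected(raw):
    """True if the version is an Enterprise build inside the affected ranges."""
    core, enterprise = parse_version(raw)
    if not enterprise:
        return False  # the advisory covers Consul Enterprise only
    line = core[:2]
    if line in FIXED:
        return core < FIXED[line]
    # Older lines fall under "before 1.8.17"; newer lines are not listed as affected.
    return core < FIXED[(1, 8)]

# Constructed sample inventory (hostnames and versions are made up for this example).
INVENTORY = {
    "consul-a": "1.8.16+ent",
    "consul-b": "1.9.11+ent",
    "consul-c": "v1.10.3+ent",
    "consul-d": "1.10.3",
}

def audit(inventory):
    """Return the sorted host names whose version needs an upgrade."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is in the affected range, upgrade")
```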
## References
- [https://www.cvedetails.com/cve/CVE-2021-41805/](https://www.cvedetails.com/cve/CVE-2021-41805/)
- [https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871](https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871)
- [https://security.netapp.com/advisory/ntap-20211229-0007/](https://security.netapp.com/advisory/ntap-20211229-0007/)
## Impact
An attacker can obtain a reverse shell and gain root access.
## Usage
```
git clone https://github.com/I-Am-Nelson/CVE-2021-41805.git
cd CVE-2021-41805
```
Then start the listener:
```
sudo nc -lvnp <port>
```
Then run the exploit:
```
python3 CVE-2021-41805.py
```