Exploit for Incorrect Authorization in Hashicorp Consul CVE-2021-41805

Name: Exploit for Incorrect Authorization in Hashicorp Consul CVE-2021-41805
Rating: 5 (252 reviews)

2022-12-07 | CVSS 6.5

## https://sploitus.com/exploit?id=42B24F68-C6D4-5B32-AB58-EDFB1C7C67F6
# **CVE-2021-41805**
### **Hashicorp Consul RCE via API**

**HashiCorp Consul** Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
 
## Summary   
CVE_ID              : CVE-2021-41805   
Base Score          : 8.8  
Severity            : High   
Issued on           : 2021-12-12   
Affected Versions   : HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4   

## References
[https://www.cvedetails.com/cve/CVE-2021-41805/](https://www.cvedetails.com/cve/CVE-2021-41805/)

[https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871](https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871)

[https://security.netapp.com/advisory/ntap-20211229-0007/](https://security.netapp.com/advisory/ntap-20211229-0007/)


## Impact
Get a reverse shell, and get root access.


## Usage
```
git clone https://github.com/I-Am-Nelson/CVE-2021-41805.git
cd CVE-2021-41805
```
Then start the listener:
```
sudo nc -lvnp <port>
```
Then run the exploit:
```
python3 CVE-2021-41805.py
```