8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-37219

GHSA ID

GHSA-ccw8-7688-vqx4

EPSS Score

0.85498%

CWE

CWE-295

Published

9/8/2021

Updated

4/3/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-37219

CVE-2021-37219: HashiCorp Consul Privilege Escalation Vulnerability

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-37219

GHSA ID

GHSA-ccw8-7688-vqx4

EPSS Score

0.85498%

CWE

CWE-295

Published

9/8/2021

Updated

4/3/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/hashicorp/consul	go	= 1.10.1	1.10.2
github.com/hashicorp/consul	go	>= 1.9.0, < 1.9.9	1.9.9
github.com/hashicorp/consul	go	< 1.8.15	1.8.15

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

**s*i*orp *onsul *n* *onsul *nt*rpris* *.**.* R**t RP* l*y*r *llows non-s*rv*r ***nts wit* * v*li* **rti*i**t* si*n** *y t** s*m* ** to ****ss s*rv*r-only *un*tion*lity, *n**lin* privil*** *s**l*tion. *ix** in *.*.**, *.*.* *n* *.**.*.

Reasoning

No *n*lysis *v*il**l*

8.8

Basic Information

Concerned about an active attack path?

CVE-2021-37219: HashiCorp Consul Privilege Escalation Vulnerability

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI