PT-2020-17192 · Hashicorp · Hashicorp Consul

Koharin

Published

2020-12-08

Updated

2020-12-22

CVE-2020-29564

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Consul Docker images versions 0.7.1 through 1.4.2

Description The official Consul Docker images contain a blank password for a root user. Systems using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.

Recommendations For Consul Docker images versions 0.7.1 through 1.4.2, update to a version that contains a fix for this issue to prevent remote attackers from achieving root access with a blank password. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-29564

Affected Products

Hashicorp Consul

PT-2020-17192 · Hashicorp · Hashicorp Consul

CVE-2020-29564

Related Identifiers

Affected Products

References · 5