Hashicorp Consul update for third-party components
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2024-3596 CVE-2024-2511 CVE-2024-26458 CVE-2024-45338 CVE-2024-45337 CVE-2024-51744 |
| CWE-ID | CWE-327 CWE-400 CWE-401 CWE-285 CWE-1059 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
Consul Server applications / Other server solutions |
| Vendor | HashiCorp |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU94063
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-3596
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsConsul: 1.0.0 - 1.20.1
CPE2.3- cpe:2.3:a:hashicorp:consul:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:*:*:*:*
https://github.com/hashicorp/consul/releases/tag/v1.20.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Resource exhaustion
EUVDB-ID: #VU88211
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2511
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unbounded memory growth when processing TLSv1.3 sessions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that the non-default SSL_OP_NO_TICKET option is being used in TLSv1.3.
Install update from vendor's website.
Vulnerable software versionsConsul: 1.0.0 - 1.20.1
CPE2.3- cpe:2.3:a:hashicorp:consul:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.1:*:*:*:*:*:*:*
https://github.com/hashicorp/consul/releases/tag/v1.20.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU88225
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26458
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in /krb5/src/lib/rpc/pmap_rmt.c. A remote attacker can perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsConsul: 1.0.0 - 1.20.1
CPE2.3- cpe:2.3:a:hashicorp:consul:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.0:*:*:*:*:*:*:*
https://github.com/hashicorp/consul/releases/tag/v1.20.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU101868
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-45338
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in several Parse functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsConsul: 1.0.0 - 1.20.1
CPE2.3- cpe:2.3:a:hashicorp:consul:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.1:*:*:*:*:*:*:*
https://github.com/hashicorp/consul/releases/tag/v1.20.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper authorization
EUVDB-ID: #VU101777
Risk: Medium
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-45337
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to improper authorization caused by improper usage of the ServerConfig.PublicKeyCallback callback. A remote attacker can bypass authorization in certain cases and gain access to the application.
Install update from vendor's website.
Vulnerable software versionsConsul: 1.0.0 - 1.20.1
CPE2.3- cpe:2.3:a:hashicorp:consul:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.2:*:*:*:*:*:*:*
https://github.com/hashicorp/consul/releases/tag/v1.20.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Insufficient technical documentation
EUVDB-ID: #VU101894
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-51744
CWE-ID:
CWE-1059 - Insufficient Technical Documentation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due due to unclear documentation of the error behavior in "ParseWithClaims". A remote attacker can trick the victim into accepting invalid tokens, which can lead to information disclosure.
Install update from vendor's website.
Vulnerable software versionsConsul: 1.0.0 - 1.20.1
CPE2.3- cpe:2.3:a:hashicorp:consul:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.2.3:*:*:*:*:*:*:*
https://github.com/hashicorp/consul/releases/tag/v1.20.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
