7.5

CVE-2021-32574

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

Data is provided by the National Vulnerability Database (NVD)
HashicorpConsul SwEdition- Version >= 1.3.0 < 1.8.14
HashicorpConsul SwEditionenterprise Version >= 1.3.0 < 1.8.14
HashicorpConsul SwEdition- Version >= 1.9.0 < 1.9.8
HashicorpConsul SwEditionenterprise Version >= 1.9.0 < 1.9.8
HashicorpConsul SwEdition- Version >= 1.10.0 < 1.10.1
HashicorpConsul SwEditionenterprise Version >= 1.10.0 < 1.10.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.3% 0.791
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.