CVE-2023-1297

low-risk
Published 2023-06-02

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Hashicorp

References (2)

Vendor Advisory https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-...
Vendor Advisory https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-...
28
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low