Description
Acunetix determined that it was possible to access the Hashicorp Consul API without authentication. In a certain configuration of Hashicorp Consul, an unauthentication attacker may be able to archive remote command execution on the server.
Remediation
Restrict access to the Hashicorp Consul API.
References
Related Vulnerabilities
WordPress Plugin File Gallery Remote Code Execution (1.7.9)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0703)
PHP unserialize() used on user input
Apache OFBiz SOAPService Deserialization RCE
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5473)