CVE-2020-11492

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://docs.docker.com/docker-for-windows/release-notes/	Release Notes Vendor Advisory
https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/	Third Party Advisory
https://docs.docker.com/docker-for-windows/release-notes/	Release Notes Vendor Advisory
https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:58

Type	Values Removed	Values Added
References	~~() https://docs.docker.com/docker-for-windows/release-notes/ - Release Notes, Vendor Advisory~~	() https://docs.docker.com/docker-for-windows/release-notes/ - Release Notes, Vendor Advisory
References	~~() https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/ - Third Party Advisory~~	() https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/ - Third Party Advisory

Information

Published : 2020-06-05 14:15

Updated : 2024-11-21 04:58

NVD link : CVE-2020-11492

Mitre link : CVE-2020-11492

CVE.ORG link : CVE-2020-11492

JSON object : View

Products Affected

microsoft

windows

docker

docker_desktop

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2020-11492", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-06-05T14:15:10.607", "references": [{"url": "https://docs.docker.com/docker-for-windows/release-notes/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.docker.com/docker-for-windows/release-notes/", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Docker Desktop versiones hasta 2.2.0.5 en Windows. Si un atacante local configura su propia tuber\u00eda nombrada antes de iniciar Docker con el mismo nombre, este atacante puede interceptar un intento de conexi\u00f3n desde Docker Service (que se ejecuta como SYSTEM) y luego suplantar sus privilegios"}], "lastModified": "2024-11-21T04:58:00.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE573D67-DE33-49DE-975C-D36AE5BC6C3D", "versionEndIncluding": "2.2.0.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}