Published: 01/09/2018 Updated: 09/11/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

HandleRequestAsync in Docker for Windows prior to 18.06.0-ce-rc3-win68 (edge) and prior to 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
docker docker 1.13.1
docker docker 1.13.0
docker docker 1.12.2
docker docker 1.12.1
docker docker 1.11.1
docker docker 1.11.0
docker docker 18.03.0
docker docker 18.02.0
docker docker 17.09.0
docker docker 17.07.0
docker docker 17.03.0
docker docker 1.12.5
docker docker 17.03.1
docker docker 18.03.1
docker docker 1.12.3
docker docker 1.12.0
docker docker 1.10.4.0
docker docker 1.10.2.14
docker docker 1.10.2.12
docker docker 1.10.1.42-1
docker docker 17.12.0
docker docker 17.11.0
docker docker 17.06.1
docker docker 17.06.0
docker docker 17.09.1
docker docker 18.05.0
docker docker 18.04.0
docker docker 17.0.5
docker docker 17.04.0
docker docker 17.06.2
docker docker 1.11.2
docker docker 1.10.6
docker docker 1.10.0.0-0
docker docker 18.01.0
docker docker 17.10.0
docker docker 17.0.4

CWE-502 https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html https://docs.docker.com/docker-for-windows/release-notes/https://docs.docker.com/docker-for-windows/edge-release-notes/http://www.securityfocus.com/bid/105202 https://nvd.nist.gov

CVE-2018-15514

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect