CVE-2020-10665

Published: 18/03/2020 | Updated: 27/03/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise prior to 2.1.0.9, Docker Desktop for Windows Stable prior to 2.2.0.4, and Docker Desktop for Windows Edge prior to 2.2.2.0.

Affected Products

Vendor: Docker
Product: Desktop
Versions: -, 2.0.0.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.1.0, 2.0.2.0, 2.0.2.1, 2.0.3.0, 2.0.4.0, 2.0.4.1, 2.0.5.0, 2.1.0.0, 2.1.0.1, 2.1.0.2, 2.1.0.3, 2.1.0.4, 2.1.0.5, 2.1.0.6, 2.1.0.7, 2.1.0.8, 2.1.1.0, 2.1.2.0, 2.1.3.0, 2.1.4.0, 2.1.5.0, 2.1.6.1, 2.1.7.0, 2.2.0.0, 2.2.0.3, 2.2.1.0