Severity Rating: MEDIUM
Software Affected
Docker Desktop Community version 2.3.0.2
Overview
A vulnerability has been reported in the Docker Desktop Service for Windows
that could allow an attacker to gain elevated privileges on a targeted system.
Description
This vulnerability exists in Docker Desktop for Windows when it
communicates as a client with child processes. An attacker could exploit
this vulnerability by getting the affected software to connect to a named
pipe that has been set up by a malicious lower-privileged process.
Successful exploitation of this vulnerability could allow the attacker to
impersonate the Docker Desktop Service account (SYSTEM) and execute
arbitrary system commands with the highest-level privileges.
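A client-side hardening for this class of flaw, shown as an added C# example that is not code from Docker or from this advisory: a named pipe client that requests no impersonation level lets the pipe server impersonate it, while one that requests Identification only lets the server query its identity. The class and method names, the 5-second timeout and the two command-line arguments (pipe name, full path of the expected child executable) are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO.Pipes;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;
static class PipeClientHardening
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool GetNamedPipeServerProcessId(SafePipeHandle pipe, out uint serverPid);

    // Weak: no impersonation level is requested (TokenImpersonationLevel.None), so
    // Windows applies its default and the pipe server may impersonate this client.
    public static NamedPipeClientStream ConnectWeak(string pipeName)
    {
        var client = new NamedPipeClientStream(".", pipeName, PipeDirection.InOut);
        client.Connect(5000);
        return client;
    }

    // Hardened: the server can query who the client is but cannot act as it,
    // and the client checks which executable owns the server end before use.
    public static NamedPipeClientStream ConnectHardened(string pipeName, string expectedServerExe)
    {
        var client = new NamedPipeClientStream(".", pipeName, PipeDirection.InOut,
            PipeOptions.None, TokenImpersonationLevel.Identification);
        try
        {
            client.Connect(5000);
            if (!GetNamedPipeServerProcessId(client.SafePipeHandle, out uint pid))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            using (var server = Process.GetProcessById((int)pid))
            {
                string path = server.MainModule?.FileName ?? "";
                if (!string.Equals(path, expectedServerExe, StringComparison.OrdinalIgnoreCase))
                    throw new UnauthorizedAccessException($"Pipe served by unexpected process: {path}");
            }
            return client;
        }
        catch { client.Dispose(); throw; }
    }

    static void Main(string[] args)
    {
        using (var pipe = ConnectHardened(args[0], args[1]))
            Console.WriteLine("Connected; server executable verified.");
    }
}
```

The impersonation level is what stops the server from acting as the client; the executable path check is an additional guard against connecting to a pipe created by an unexpected process.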
Solution
Apply updates as available on
Vendor Information
Docker
References
Docker
Zdnet
- -docker-desktop-for-windows/
CVE Name
CVE-2020-11492