Severity Rating: Medium
Software Affected:
· Docker Engine before 19.03.11
Overview:
A vulnerability has been reported in Docker Engine which could allow an
attacker to obtain sensitive information, or cause a denial of service
condition on the targeted system.
Description:
This vulnerability exists in Docker Engine due to improper handling of
configuration in the Docker Engine software. A remote attacker could
exploit this vulnerability by sending rogue router advertisements from an
attacker-controlled malicious container that holds the CAP_NET_RAW
capability, reconfiguring the host to redirect the host's traffic to the
attacker-controlled container.
Successful exploitation of this vulnerability may allow the attacker to
obtain sensitive information, cause a denial of service, or conduct
man-in-the-middle (MitM) attacks.
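Added example (not part of the original advisory and not Docker's own tooling): a shell check that compares the running Engine version with 19.03.11 and lists running containers whose effective capability set includes CAP_NET_RAW. It assumes the docker CLI and a Linux /proc; the function names are illustrative, and the CapEff masks quoted in the comments are constructed samples.

```shell
#!/bin/sh
# Exposure check for CVE-2020-13401 (added example; names are illustrative).
FIXED_VERSION="19.03.11"   # first fixed Engine release, per the advisory
CAP_NET_RAW_BIT=13         # Linux capability number of CAP_NET_RAW

# Succeeds (exit 0) when dotted version $1 is older than $2.
# awk's numeric coercion reads "03" as 3 and "5+dfsg1" as 5.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# Succeeds when the hex CapEff mask $1 (from /proc/<pid>/status) has the
# CAP_NET_RAW bit set. Constructed samples: 00000000a80425fb has it set,
# 00000000a80405fb is the same mask with CAP_NET_RAW dropped.
has_cap_net_raw() {
  [ $(( (0x$1 >> $CAP_NET_RAW_BIT) & 1 )) -eq 1 ]
}

audit_docker_host() {
  command -v docker >/dev/null 2>&1 || { echo "docker CLI not found"; return 0; }
  ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null) ||
    { echo "cannot reach the Docker daemon"; return 0; }
  if version_lt "$ver" "$FIXED_VERSION"; then
    echo "Engine $ver is older than $FIXED_VERSION: affected, upgrade"
  else
    echo "Engine $ver is not older than $FIXED_VERSION"
  fi
  # Read each running container's init process capabilities from /proc.
  for id in $(docker ps -q); do
    pid=$(docker inspect --format '{{.State.Pid}}' "$id")
    capeff=$(awk '/^CapEff:/ {print $2}' "/proc/$pid/status" 2>/dev/null)
    if [ -n "$capeff" ] && has_cap_net_raw "$capeff"; then
      echo "container $id holds CAP_NET_RAW (CapEff=$capeff)"
    fi
  done
  return 0
}

audit_docker_host
```

Containers that do not need raw sockets can be started with `--cap-drop=NET_RAW` so they no longer appear in this listing.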
Solution:
Apply appropriate patches as mentioned in Docker Engine Bulletin:
References:
Vendor Information
Docker Docs
Openwall
CVE Name
CVE-2020-13401