Vulnerability Details : CVE-2020-10665
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.
Vulnerability category: Gain privilege
Products affected by CVE-2020-10665
- cpe:2.3:a:docker:desktop:*:*:*:*:edge:*:*:*
- cpe:2.3:a:docker:desktop:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:docker:desktop:*:*:*:*:windows:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10665
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10665
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
CWE ids for CVE-2020-10665
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-10665
-
https://docs.docker.com/release-notes/
Docker release notes | Docker DocumentationRelease Notes;Vendor Advisory
-
https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.md
Advisories/ACTIVE-2020-002.md at master · active-labs/Advisories · GitHubThird Party Advisory
-
https://github.com/spaceraccoon/CVE-2020-10665
GitHub - spaceraccoon/CVE-2020-10665: POC for CVE-2020-10665 Docker Desktop Local Privilege EscalationExploit;Third Party Advisory
Jump to