CVE-2018-15514

Exploit

EPSS 3.18%
Veröffentlicht 01.09.2018 01:29:00
Zuletzt bearbeitet 21.11.2024 03:50:59
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 104 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Docker ≫ Docker Version1.10.0.0-0 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.1.42-1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.2.12 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.2.14 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.4.0 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.6 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 Updatebeta10 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 Updatebeta7 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 Updatebeta8 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 Updatebeta9 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta11 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta11b SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta12 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta13 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta14 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.2 Updatebeta15 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updatebeta21 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updatebeta22 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc2-beta16 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc2-beta17 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc3-beta18 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc3-beta18.1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc4-beta19 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc4-beta20 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updatebeta24 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updatebeta25 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updatebeta26 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updatebeta29.1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updaterc1-beta23 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.2 Updatebeta29.2 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.2 Updaterc1-beta27 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.2 Updaterc3-beta28 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.3 SwPlatformwindows

Docker ≫ Docker Version1.12.3 Updatebeta29.3 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.3 Updatebeta30 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.3 Updaterc1-beta29 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.5 SwPlatformwindows

Docker ≫ Docker Version1.13.0 SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updatebeta38 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updatebeta39 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc2-beta31 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc3-beta32 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc3-beta32.1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc3-beta33 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc4-beta34 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc5-beta35 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc6-beta36 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc7-beta37 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.1 SwPlatformwindows

Docker ≫ Docker Version1.13.1 Updaterc1-beta40 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.1 Updaterc2-beta41 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.0.4 Updatewin7 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.0.5 Updatewin9 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.03.0 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.03.0 Updaterc1-win1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.03.1 Updatewin12 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.04.0 Updatewin6 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin13 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin14 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin15 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin16 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin17 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin18 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.1 Updaterc1-win20 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.1 Updaterc1-win24 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.2 Updatewin27 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updaterc1-win21 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updaterc2-win22 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updaterc3-win23 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updaterc4-win25 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updatewin26 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updaterc1-win28 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updaterc2-win29 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updaterc3-win30 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updatewin31 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updatewin32 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updatewin33 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updatewin34 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.1 Updatewin42 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.10.0 Updatewin36 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.11.0 Updaterc2-win37 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.11.0 Updaterc3-win38 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.11.0 Updaterc4-win39 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.11.0 Updatewin40 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updaterc2-win41 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updaterc3-win43 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updaterc4-win44 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updatewin45 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updatewin46 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updatewin47 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.01.0 Updatewin48 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.02.0 Updaterc1-win50 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.02.0 Updaterc2-win51 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.02.0 Updatewin52 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.03.0 Updaterc3-win56 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.03.0 Updatewin58 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.03.0 Updatewin59 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.03.1 Updatewin65 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.04.0 Updaterc2-win61 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.05.0 Updaterc1-win63 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.05.0 Updatewin66 SwEditioncommunity SwPlatformwindows

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.18%	0.868

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.securityfocus.com/bid/105202

Third Party Advisory

VDB Entry

https://docs.docker.com/docker-for-windows/edge-release-notes/

Vendor Advisory

https://docs.docker.com/docker-for-windows/release-notes/

Vendor Advisory

https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-15514

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15514

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15514

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-15514