CVE-2018-15514

Exploit

EPSS 5.48%
Published 01.09.2018 01:29:00
Last modified 21.11.2024 03:50:59
Source cve@mitre.org
Teams watchlist Login
Open Login

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Docker ≫ Docker Version1.10.0.0-0 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.1.42-1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.2.12 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.2.14 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.4.0 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.10.6 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 Updatebeta10 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 Updatebeta7 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 Updatebeta8 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.0 Updatebeta9 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta11 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta11b SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta12 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta13 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.1 Updatebeta14 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.11.2 Updatebeta15 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updatebeta21 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updatebeta22 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc2-beta16 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc2-beta17 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc3-beta18 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc3-beta18.1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc4-beta19 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.0 Updaterc4-beta20 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updatebeta24 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updatebeta25 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updatebeta26 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updatebeta29.1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.1 Updaterc1-beta23 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.2 Updatebeta29.2 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.2 Updaterc1-beta27 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.2 Updaterc3-beta28 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.3 SwPlatformwindows

Docker ≫ Docker Version1.12.3 Updatebeta29.3 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.3 Updatebeta30 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.3 Updaterc1-beta29 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.12.5 SwPlatformwindows

Docker ≫ Docker Version1.13.0 SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updatebeta38 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updatebeta39 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc2-beta31 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc3-beta32 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc3-beta32.1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc3-beta33 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc4-beta34 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc5-beta35 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc6-beta36 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.0 Updaterc7-beta37 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.1 SwPlatformwindows

Docker ≫ Docker Version1.13.1 Updaterc1-beta40 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version1.13.1 Updaterc2-beta41 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.0.4 Updatewin7 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.0.5 Updatewin9 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.03.0 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.03.0 Updaterc1-win1 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.03.1 Updatewin12 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.04.0 Updatewin6 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin13 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin14 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin15 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin16 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin17 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.0 Updatewin18 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.1 Updaterc1-win20 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.1 Updaterc1-win24 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.06.2 Updatewin27 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updaterc1-win21 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updaterc2-win22 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updaterc3-win23 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updaterc4-win25 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.07.0 Updatewin26 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updaterc1-win28 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updaterc2-win29 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updaterc3-win30 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updatewin31 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updatewin32 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updatewin33 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.0 Updatewin34 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.09.1 Updatewin42 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.10.0 Updatewin36 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.11.0 Updaterc2-win37 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.11.0 Updaterc3-win38 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.11.0 Updaterc4-win39 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.11.0 Updatewin40 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updaterc2-win41 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updaterc3-win43 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updaterc4-win44 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updatewin45 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updatewin46 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version17.12.0 Updatewin47 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.01.0 Updatewin48 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.02.0 Updaterc1-win50 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.02.0 Updaterc2-win51 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.02.0 Updatewin52 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.03.0 Updaterc3-win56 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.03.0 Updatewin58 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.03.0 Updatewin59 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.03.1 Updatewin65 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.04.0 Updaterc2-win61 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.05.0 Updaterc1-win63 SwEditioncommunity SwPlatformwindows

Docker ≫ Docker Version18.05.0 Updatewin66 SwEditioncommunity SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.48%	0.898

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.securityfocus.com/bid/105202

Third Party Advisory

VDB Entry

https://docs.docker.com/docker-for-windows/edge-release-notes/

Vendor Advisory

https://docs.docker.com/docker-for-windows/release-notes/

Vendor Advisory

https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-15514

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15514

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15514

EUVD