cbcvebase.
CVE-2020-10665
published 2020-03-18

CVE-2020-10665: Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges…

Priority: P432
Severity: medium, 6.7 (CVSS 3.1)
Vector: AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.44% (69.8th percentile)

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.

Affected

3 ranges
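| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| docker | desktop | < 2.1.0.9 | 2.1.0.9 |
| docker | desktop | < 2.2.0.4 | 2.2.0.4 |
| docker | desktop | < 2.2.2.0 | 2.2.2.0 |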

CVSS provenance

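| Source | CVSS version | Score | Severity | Vector |
|--------|--------------|-------|----------|--------|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |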