#VU28556 Spoofing attack in Docker - CVE-2020-13401


| Updated: 2021-04-01

Vulnerability identifier: #VU28556

Vulnerability risk: Medium

CVSSv4.0: 2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-13401

CWE-ID: CWE-451

Exploitation vector: Local network

Exploit availability: Yes

Vulnerable software:
Docker
Server applications / Virtualization software

Vendor: Docker Inc.

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of IPv6 router advertisements. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Docker: 19.03.0 - 19.03.10

External links
https://www.openwall.com/lists/oss-security/2020/06/01/5
https://docs.docker.com/engine/release-notes/
https://github.com/docker/docker-ce/releases/tag/v19.03.11

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Spoofing attack in IBM Cloud Automation Manager
Gentoo update for Docker
Spoofing attack in IBM Cloud Automation Manager
Debian update for docker.io
OpenSUSE Linux update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Amazon Linux AMI update for docker
Spoofing attack in Docker
Spoofing attack in docker (Alpine package)