CVE-2017-20198

CRITICAL

DC/OS <1.9.0 - RCE

Title source: llm

Description

The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotepython

https://www.exploit-db.com/exploits/42134

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocpython

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dcos_marathon.rb

View Code ZIP pw:eip

References (5)

[Various Sources] https://dcos.io/

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dcos_marathon.rb

[Various Sources] https://web.archive.org/web/20230609134421/https://warroom.rsmus.com/dcos-marathon-compromise/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42134

[Third Party Advisory] https://www.vulncheck.com/advisories/dcos-marathon-docker-mount-abuse-rce

Scores

CVSS v4 9.3

EPSS 0.6676

EPSS Percentile 98.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-732

Status published

Products (1)

D2iQ, Inc./DC/OS Marathon < 1.9.0

Published Jul 23, 2025

Tracked Since Feb 18, 2026