CVE-2019-15752

HIGH KEV

Docker < 2.1.0.1 - Incorrect Permission Assignment

Title source: rule

Description

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/48388

metasploit WORKING POC MANUAL
by Morgan Roman, bwatters-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/docker_credential_wincred.rb

Scores

CVSS v3 7.8
EPSS 0.4932
EPSS Percentile 97.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-11-03
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2019-6687
CWE CWE-732
Status published
Products (2)
apache/geode 1.12.0
docker/docker < 2.1.0.1
Published Aug 28, 2019
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026