CVE-2020-10749

MEDIUM

containernetworking/plugins <0.8.6 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10749. PoCs published by knqyf263.

AI-analyzed exploit summary This PoC demonstrates CVE-2020-10749, a Kubernetes IPv6 MitM vulnerability via rogue router advertisements. It includes scripts to send fake router advertisements and intercept traffic, redirecting victim requests to a malicious server.

Description

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Exploits (1)

nomisec WORKING POC 25 stars

by knqyf263 · poc

https://github.com/knqyf263/CVE-2020-10749

View Code ZIP pw:eip

This PoC demonstrates CVE-2020-10749, a Kubernetes IPv6 MitM vulnerability via rogue router advertisements. It includes scripts to send fake router advertisements and intercept traffic, redirecting victim requests to a malicious server.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Kubernetes kubelet v1.18.0-v1.18.3, v1.17.0-v1.17.6, < v1.16.11

No auth needed

Prerequisites: Kubernetes cluster with vulnerable kubelet versions · IPv6 enabled on the cluster · Ability to deploy pods in the cluster

MITRE ATT&CK

T1557 - Adversary-in-the-Middle

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749

Mailing List x_refsource_misc

https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8

Broken Link, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html

Broken Link, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/

Scores

CVSS v3 6.0

EPSS 0.0241

EPSS Percentile 81.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Details

CWE

CWE-300

Status published

Products (6)

containernetworking/plugins 0 - 0.8.6Go

fedoraproject/fedora 32

linuxfoundation/cni_network_plugins < 0.8.6

redhat/enterprise_linux 7.0

redhat/enterprise_linux 8.0

redhat/openshift_container_platform 4.0

Published Jun 03, 2020

Tracked Since Feb 18, 2026