CVE-2020-13401

MEDIUM

Docker Engine < 19.03.11 - IPv6 Router Advertisement Spoofing via CAP_NET_RAW

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-13401. PoCs published by arax-zaeimi.

AI-analyzed exploit summary This repository provides a detailed writeup and simulation steps for CVE-2020-13401, a vulnerability in Docker Engine versions before 19.03.11 where containers accept fake IPv6 Router Advertisement (RA) messages, leading to potential man-in-the-middle attacks. It includes setup instructions, exploitation steps using Scapy, and mitigation recommendations.

Description

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

Exploits (1)

nomisec WRITEUP 2 stars
by arax-zaeimi · poc
https://github.com/arax-zaeimi/Docker-Container-CVE-2020-13401

This repository provides a detailed writeup and simulation steps for CVE-2020-13401, a vulnerability in Docker Engine versions before 19.03.11 where containers accept fake IPv6 Router Advertisement (RA) messages, leading to potential man-in-the-middle attacks. It includes setup instructions, exploitation steps using Scapy, and mitigation recommendations.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Docker Engine < 19.03.11
No auth needed
Prerequisites: Docker Engine < 19.03.11 · IPv6 enabled on host · Scapy installed in a container · CAP_NET_RAW capability
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://docs.docker.com/engine/release-notes/
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2020/06/01/5
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/docker/docker-ce/releases/tag/v19.03.11
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4716
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200717-0002/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202008-15

Scores

CVSS v3 6.0
EPSS 0.1287
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Details

CWE
CWE-20
Status published
Products (6)
broadcom/sannav
debian/debian_linux 10.0
docker/docker-ce 0 - 19.03.11Go
docker/engine < 19.03.11
fedoraproject/fedora 31
fedoraproject/fedora 32
Published Jun 02, 2020
Tracked Since Feb 18, 2026