CVE-2020-2023

LOW

Kata Containers <1.11.1, <1.10.5, <=1.9 - Remote Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-2023. PoCs published by ssst0n3.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-2023, targeting Kata Containers. The exploit demonstrates container escape techniques by manipulating the guest filesystem via mknod and debugfs, leading to privilege escalation and remote code execution on the host.

Description

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Exploits (1)

nomisec WORKING POC 3 stars

by ssst0n3 · poc

https://github.com/ssst0n3/kata-cve-2020-2023-poc

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2020-2023, targeting Kata Containers. The exploit demonstrates container escape techniques by manipulating the guest filesystem via mknod and debugfs, leading to privilege escalation and remote code execution on the host.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Kata Containers 1.11.0

Auth required

Prerequisites: Access to a Kata Containers environment with KVM support · Root access within the container

MITRE ATT&CK