CVE-2020-35464

9.8 CRITICAL

📋 TL;DR

CVE-2020-35464 is a critical authentication bypass vulnerability in Weave Cloud Agent Docker image version 1.3.0 where the root user has a blank password. This allows remote attackers to gain root access to systems running the vulnerable container. Organizations using Weave Cloud Agent Docker image version 1.3.0 are affected.

💻 Affected Systems

Products:
  • Weave Cloud Agent Docker image
Versions: 1.3.0
Operating Systems: Any OS running Docker containers
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific Docker image version; other Weave products are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root access, allowing attackers to install malware, exfiltrate data, pivot to other systems, and maintain persistent access.
🟠 Likely Case: Unauthorized root access leading to container escape, data theft, and potential lateral movement within the environment.
🟢 If Mitigated: Limited impact if container runs with non-root user, network segmentation is enforced, and proper access controls are in place.

🌐 Internet-Facing: HIGH - Containers exposed to the internet can be directly attacked without authentication.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is trivial: attackers simply need to connect to the container using the blank root password.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.3.0

Vendor Advisory: https://github.com/weaveworks/weave-cloud-agent/security/advisories

Restart Required: Yes

Instructions:

1. Stop all containers running Weave Cloud Agent 1.3.0.
2. Pull updated image: docker pull weaveworks/weave-cloud-agent:latest
3. Deploy new containers with updated image.
4. Remove old containers and images.

🔧 Temporary Workarounds

Run container as non-root user

linux

Configure container to run with a non-root user to limit impact

docker run -u 1000:1000 weaveworks/weave-cloud-agent:1.3.0

Set root password

linux

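Manually set a strong root password in the running container. The change is stored only in that container's writable layer, so every new container started from the 1.3.0 image has the blank root password again.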

docker exec -it <container_id> passwd root

🧯 If You Can't Patch

  • Isolate affected containers using network segmentation and firewall rules
  • Implement strict access controls and monitor for unauthorized root login attempts

🔍 How to Verify

Check if Vulnerable:

Check Docker image version: docker images | grep weave-cloud-agent

Check Version:

docker inspect <container_id> | grep -i version

Verify Fix Applied:

Verify new container version and test root login with blank password (should fail)
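
An added example (not from the vendor or the original page) that checks the underlying condition directly instead of relying on the version string: it lists accounts whose password field in a shadow-format file is empty. The function names, the constructed sample data, and the assumptions that the image keeps its password database at /etc/shadow and defines a default command are this example's own.

```shell
#!/bin/sh
# Added example, not vendor code: find accounts with an empty password
# field in a shadow(5)-format file, the condition behind CVE-2020-35464.

# Constructed sample data (not extracted from the real image).
sample_shadow() {
cat <<'EOF'
root:::0:::::
bin:!::0:::::
daemon:*:18000:0:99999:7:::
app:$6$constructedsalt$constructedhash:18000:0:99999:7:::
EOF
}

# Print login names whose second field is empty. Empty means no password
# is required; "!" or "*" means password login is locked.
blank_password_accounts() {
    awk -F: '$0 !~ /^#/ && NF >= 2 && $2 == "" { print $1 }' "$@"
}

# Exit status 0 if root has an empty password field in file $1.
root_is_blank() {
    blank_password_accounts "$1" | grep -qx root
}

# Copy /etc/shadow out of an image without starting it.
# Assumes the image stores passwords in /etc/shadow and has a default command.
extract_shadow() {
    image=$1
    out=$2
    cid=$(docker create "$image") || return 1
    docker cp "$cid:/etc/shadow" "$out"
    rc=$?
    docker rm "$cid" >/dev/null
    return "$rc"
}

# Usage (image tag taken from the page):
#   extract_shadow weaveworks/weave-cloud-agent:1.3.0 ./shadow.out
#   root_is_blank ./shadow.out && echo "root has a blank password"
```

Running blank_password_accounts against the file extracted from a replacement image should print nothing; the same check can gate any image in a CI pipeline before it is deployed.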

📡 Detection & Monitoring

Log Indicators:

  • Failed or successful root login attempts with blank/no password
  • Unexpected root user activity in container logs

Network Indicators:

  • Unexpected SSH or remote access connections to container ports

SIEM Query:

source="docker" AND (event="login" OR event="authentication") AND user="root" AND result="success"
