CVE-2021-3162

7.8 HIGH

📋 TL;DR

CVE-2021-3162 is a local privilege escalation vulnerability in Docker Desktop for macOS where improper certificate checking allows attackers to gain elevated privileges. This affects macOS users running Docker Desktop Community versions before 2.5.0.0. An attacker with local access could exploit this to execute code with higher privileges than intended.

💻 Affected Systems

Products:
  • Docker Desktop Community
Versions: All versions before 2.5.0.0
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Docker Desktop on macOS, not Docker Engine on Linux or Windows Docker Desktop.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains root privileges on the macOS host system, enabling complete system compromise, data theft, and persistence.

🟠 Likely Case

Local user or malware escalates privileges to install additional malicious software, access sensitive data, or modify system configurations.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated Docker environments without affecting critical host systems.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Internal users with local access to vulnerable macOS systems with Docker Desktop can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the macOS system. Public proof-of-concept code exists and demonstrates the certificate validation bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.0.0 and later

Vendor Advisory: https://docs.docker.com/docker-for-mac/release-notes/#docker-desktop-community-2500

Restart Required: Yes

Instructions:

1. Open Docker Desktop on macOS.
2. Click the Docker menu icon.
3. Select 'Check for Updates'.
4. Install version 2.5.0.0 or later.
5. Restart Docker Desktop after installation.

🔧 Temporary Workarounds

Disable Docker Desktop

Applies to: all

Temporarily disable Docker Desktop to prevent exploitation while planning the upgrade.

# Stop every running container, then remove all containers so none restart automatically.
# docker stop needs explicit container IDs, so they are supplied from docker ps.
# The --context flag assumes the Docker Desktop context is named desktop-linux; drop it if
# `docker context ls` shows only the default context.
docker --context desktop-linux stop $(docker --context desktop-linux ps -q)
docker --context desktop-linux rm -f $(docker --context desktop-linux ps -aq)
# These commands only stop workloads; to disable Docker Desktop itself, quit the
# application from its menu bar icon as well.

🧯 If You Can't Patch

  • Restrict local access to macOS systems running vulnerable Docker Desktop versions
  • Implement strict privilege separation and monitor for unusual privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Docker Desktop version in the About Docker Desktop menu, or run: docker version --format '{{.Client.Version}}'

Check Version:

docker version --format '{{.Client.Version}}'

Verify Fix Applied:

Verify that the version is 2.5.0.0 or higher using: docker version --format '{{.Client.Version}}'
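The version check above, as an added example that is not part of this advisory: a POSIX shell script that compares a Docker Desktop build number against the fixed release 2.5.0.0 field by field, so that 2.10 sorts after 2.9 and short strings (2.5) or suffixed ones (2.3.0.5 (build 123)) are still handled. On the macOS host it reads the build number from the Docker.app bundle's Info.plist; the path /Applications/Docker.app is an assumption about where the app is installed. Note that docker version --format '{{.Client.Version}}' prints the Docker CLI client version, which is a different number from the Desktop release, so the bundle version is the one to compare against 2.5.0.0.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a Docker Desktop for Mac
# build number is below the fixed release 2.5.0.0 for CVE-2021-3162.

FIXED_VERSION="2.5.0.0"

# Print the four numeric fields of a dotted version string, padding missing
# fields with 0. Anything from the first character that is neither a digit nor
# a dot onward is ignored, so "2.3.0.5 (build 123)" yields "2 3 0 5".
# IFS is changed inside a subshell so the caller's word splitting is untouched.
fields() {
  ( IFS=.
    set -- $(printf '%s' "$1" | sed 's/[^0-9.].*//')
    printf '%s %s %s %s\n' "${1:-0}" "${2:-0}" "${3:-0}" "${4:-0}" )
}

# Compare two version strings numerically, field by field.
# Prints -1, 0 or 1 for a < b, a == b, a > b.
version_cmp() {
  # $1..$4 hold the fields of a, $5..$8 the fields of b; after each shift the
  # next pair to compare is still at $1 and $5 because the stride stays 4.
  set -- $(fields "$1") $(fields "$2")
  while [ $# -gt 4 ]; do
    if [ "$1" -lt "$5" ]; then printf '%s\n' -1; return 0; fi
    if [ "$1" -gt "$5" ]; then printf '%s\n' 1; return 0; fi
    shift
  done
  printf '%s\n' 0
}

# Succeeds (exit 0) when the supplied Docker Desktop version is below 2.5.0.0.
is_vulnerable() {
  [ "$(version_cmp "$1" "$FIXED_VERSION")" = "-1" ]
}

# On the macOS host, read the Docker Desktop build number from the app bundle.
# Assumption: the app lives at /Applications/Docker.app. CFBundleShortVersionString
# is the standard key macOS app bundles use for their user-visible version.
docker_desktop_version() {
  defaults read /Applications/Docker.app/Contents/Info.plist CFBundleShortVersionString 2>/dev/null
}

# Report the installed build and the verdict. Exit codes: 0 fixed, 1 affected,
# 2 Docker Desktop not found.
check_host() {
  v=$(docker_desktop_version) || { echo "Docker Desktop not found at /Applications/Docker.app"; return 2; }
  if is_vulnerable "$v"; then
    echo "Docker Desktop $v is below $FIXED_VERSION: affected by CVE-2021-3162"
    return 1
  fi
  echo "Docker Desktop $v is at or above $FIXED_VERSION"
  return 0
}

# Usage on a macOS host: sh check_docker_desktop.sh --check
if [ "${1:-}" = "--check" ]; then
  check_host
fi
```

Run with --check on the macOS host to get a pass/fail exit code suitable for a fleet inventory script; the comparison functions can also be sourced and fed version strings collected from other systems.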

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events in macOS system logs
  • Docker Desktop certificate validation errors

Network Indicators:

  • Local certificate validation bypass attempts

SIEM Query:

source="macos_system_logs" AND (event="privilege_escalation" OR process="docker")

🔗 References
