CVE-2021-37841

7.8 HIGH

📋 TL;DR

CVE-2021-37841 is an access control vulnerability in Docker Desktop for Windows that allows low-privileged users to compromise containers. Attackers can read, write, and potentially execute code within containers regardless of isolation mode. This affects Windows systems running vulnerable Docker Desktop versions.

💻 Affected Systems

Products:
  • Docker Desktop for Windows
Versions: All versions before 3.6.0
Operating Systems: Windows 10, Windows Server 2016, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both process isolation and Hyper-V isolation modes. Only impacts Windows containers, not Linux containers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full container compromise leading to lateral movement, data exfiltration, and potential host system compromise through container escape techniques.

🟠 Likely Case

Unauthorized access to container filesystems, sensitive data exposure, and potential privilege escalation within container environments.

🟢 If Mitigated

Limited impact with proper network segmentation, container isolation, and strict access controls preventing low-privileged users from accessing Docker infrastructure.

🌐 Internet-Facing: LOW - This vulnerability requires local access to the Windows host running Docker Desktop.
🏢 Internal Only: HIGH - Internal users with low privileges on Windows systems running Docker Desktop can exploit this vulnerability to compromise containers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the Windows host with low privileges. No authentication bypass needed beyond initial low-privileged access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Docker Desktop 3.6.0 and later

Vendor Advisory: https://docs.docker.com/docker-for-windows/release-notes/

Restart Required: Yes

Instructions:

1. Download Docker Desktop 3.6.0 or later from docker.com.
2. Run the installer.
3. Restart Docker Desktop.
4. Verify the version with the 'docker version' command.

🔧 Temporary Workarounds

Restrict Docker Desktop Access (platform: windows)

Limit user access to systems running Docker Desktop to only authorized administrators.

Use Linux Containers (platform: windows)

Switch to Linux containers instead of Windows containers if possible:

docker context use default
docker run --rm -it alpine sh

🧯 If You Can't Patch

  • Implement strict access controls to prevent low-privileged users from accessing Docker Desktop hosts
  • Monitor for suspicious container activity and implement network segmentation for container environments

🔍 How to Verify

Check if Vulnerable:

Check the Docker Desktop version in Settings > About Docker Desktop, or run 'docker version' and look for the version number.

Check Version:

docker version --format '{{.Client.Version}}'

Verify Fix Applied:

Confirm that the Docker Desktop version is 3.6.0 or higher using the 'docker version' command.
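The verification above carried out as a PowerShell script, added here as an example and not part of this advisory or of Docker's own tooling. Because `docker version --format '{{.Client.Version}}'` prints the Docker CLI version rather than the Docker Desktop release, the script reads the installed release from the Windows uninstall registry entries (assumed to carry a DisplayName starting with "Docker Desktop" and a DisplayVersion value) and also reports whether the daemon is currently in Windows-container mode, the only mode the advisory says is affected.

```powershell
# Added example (not from the advisory): check a Windows host for CVE-2021-37841.
# Assumption: Docker Desktop registers under the standard Uninstall registry keys
# with a DisplayName starting 'Docker Desktop' and a DisplayVersion value.
$FixedVersion = [version]'3.6.0'   # first fixed release per the advisory

function Get-DockerDesktopVersion {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Docker Desktop*' } |
        Select-Object -First 1
    if ($null -eq $entry -or -not $entry.DisplayVersion) { return $null }
    # Keep only the leading numeric part so any suffix does not break the [version] cast
    if ($entry.DisplayVersion -match '^\d+\.\d+(\.\d+){0,2}') { return [version]$Matches[0] }
    return $null
}

function Get-ContainerMode {
    # 'windows' is the affected mode; 'linux' containers are not affected by this CVE
    if (-not (Get-Command docker -ErrorAction SilentlyContinue)) { return $null }
    $os = & docker info --format '{{.OSType}}' 2>$null
    if ($LASTEXITCODE -ne 0) { return $null }
    return "$os".Trim()
}

function Test-Cve202137841 {
    $installed = Get-DockerDesktopVersion
    $mode = Get-ContainerMode
    $vulnerableVersion = ($null -ne $installed) -and ($installed -lt $FixedVersion)
    $status = if ($null -eq $installed) { 'Docker Desktop not found' }
              elseif ($vulnerableVersion) { "Vulnerable: upgrade to $FixedVersion or later" }
              else { 'Fixed version installed' }
    [pscustomobject]@{
        InstalledVersion = $installed
        FixedVersion     = $FixedVersion
        ContainerMode    = $mode
        # Unknown mode is treated as exposed; only a confirmed 'linux' mode clears it
        ExposedNow       = $vulnerableVersion -and ($mode -ne 'linux')
        Status           = $status
    }
}

Test-Cve202137841 | Format-List
```

A vulnerable version in Linux-container mode still needs the upgrade, since the mode can be switched back at any time; ExposedNow only reflects the current daemon state.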

📡 Detection & Monitoring

Log Indicators:

  • Unusual container creation by low-privileged users
  • Suspicious file access patterns within containers
  • Unexpected process execution in containers

Network Indicators:

  • Unusual outbound connections from containers
  • Data exfiltration patterns from container environments

SIEM Query:

source="docker" AND (event="container_create" OR event="container_start") AND user!="admin" AND user!="root"
