CVE-2023-0633

7.2 HIGH

📋 TL;DR

This vulnerability in Docker Desktop for Windows allows local attackers to escalate privileges through argument injection in the installer. Attackers with local access can exploit this to gain elevated system permissions. Only Windows users running Docker Desktop versions before 4.12.0 are affected.

💻 Affected Systems

Products:
  • Docker Desktop
Versions: All versions before 4.12.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Docker Desktop on Windows platforms. Docker Desktop on macOS/Linux and Docker Engine are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise where an attacker gains SYSTEM/administrator privileges, enabling complete control over the Windows host.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, install malware, or access restricted resources.

🟢 If Mitigated

Limited impact with proper user account controls and restricted local access, though privilege escalation remains possible.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Internal users with local access to Docker Desktop installations can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the Windows system. The argument injection vulnerability in the installer component enables privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.12.0

Vendor Advisory: https://docs.docker.com/desktop/release-notes/#4120

Restart Required: Yes

Instructions:

1. Open the Docker Desktop application.
2. Click on the Settings/Preferences menu.
3. Navigate to Software Updates.
4. Check for updates and install version 4.12.0 or later.
5. Restart Docker Desktop and the system if prompted.

🔧 Temporary Workarounds

Restrict Local Access

Limit local user access to systems running vulnerable Docker Desktop versions

Use Docker Engine Instead

Replace Docker Desktop with Docker Engine for Windows Server environments

🧯 If You Can't Patch

  • Implement strict least-privilege access controls for all user accounts
  • Monitor for suspicious privilege escalation attempts using Windows Event Logs

🔍 How to Verify

Check if Vulnerable:

Check Docker Desktop version in Settings > About Docker Desktop. If version is below 4.12.0, the system is vulnerable.

Check Version:

docker version --format '{{.Client.Version}}'

Note: This shows the Docker CLI version, not the Docker Desktop version.

Verify Fix Applied:

Verify Docker Desktop version is 4.12.0 or higher in Settings > About Docker Desktop.
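
Because the CLI command above does not report the Docker Desktop version, the following added example (not part of the original advisory or of Docker's tooling) checks the installed version from the standard Windows uninstall registry keys and compares it numerically against 4.12.0. It assumes Docker Desktop registers an uninstall entry whose DisplayName starts with "Docker Desktop" and whose DisplayVersion holds the product version; the function name is hypothetical.

```powershell
# Added example: flag Docker Desktop installs older than the fixed release (4.12.0).
# Assumption: Docker Desktop registers an uninstall entry whose DisplayName
# starts with "Docker Desktop" and whose DisplayVersion holds the product version.
$FixedVersion = [version]'4.12.0'

# Standard Windows uninstall locations (64-bit, 32-bit view, per-user).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-DockerDesktopVersion {
    param([string]$DisplayVersion)
    # Keep only the leading dotted-numeric part so suffixes do not break parsing.
    if ($DisplayVersion -notmatch '^\d+(\.\d+){1,3}') { return 'Unknown' }
    # [version] compares numerically, so 4.9.1 sorts below 4.12.0
    # (a plain string comparison would get this wrong).
    if ([version]$Matches[0] -lt $FixedVersion) { 'Vulnerable' } else { 'Fixed' }
}

$entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Docker Desktop*' }

if (-not $entries) {
    Write-Output 'Docker Desktop uninstall entry not found on this host.'
} else {
    foreach ($e in $entries) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $e.DisplayName
            Version  = $e.DisplayVersion
            Status   = Test-DockerDesktopVersion -DisplayVersion $e.DisplayVersion
        }
    }
}
```

A status of Unknown means the entry exists but its version string could not be parsed; confirm those hosts manually in Settings > About Docker Desktop.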

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing unexpected privilege escalation
  • Docker Desktop installer process spawning with unusual arguments

Network Indicators:

  • No network indicators as this is a local privilege escalation

SIEM Query:

EventID=4688 AND ProcessName LIKE '%docker%' AND CommandLine CONTAINS suspicious_arguments
