Developer organizations rely heavily on numerous tools to facilitate communication, collaboration, and productivity, and more and more companies are turning to application packaging tools such as Docker and Kubernetes.

Because Docker containers let you virtualize applications, configurations, and libraries, distribute them, and install them in one go without the need to work on private PCs or servers, Docker is widely preferred by companies and developers alike.

The 2021 Stack Overflow survey below reveals just how many businesses are using Docker.

Source: Stack Overflow

However, if Docker containers are not properly managed, various vulnerabilities such as code execution, directory traversal, and privilege escalation may occur and lead to serious damage.

A total of 34 Docker vulnerabilities are known from 2014 to date. Nine of them score above 7, including high-risk vulnerabilities such as privilege escalation and code execution.

Source: CVE Details

In particular, CVE-2019-5736 is a formidable vulnerability that exploits a runC bug to gain root privileges on the host and access container servers and other containers, so it is advisable to patch the affected versions immediately.

Affected versions: Docker CE versions prior to 18.06.2 and 18.09.2; Docker EE versions prior to 17.06.2-ee-19, 18.03.1-ee-6, and 18.09.2.

A search for all IP addresses worldwide on which Docker runs confirmed a total of 27,796 IP addresses, most actively used in China, the United States, and the Republic of Korea, in that order.

IP addresses on which Docker runs

A search for the vulnerable “Docker 17.06.2” version among all 27,796 IP addresses confirmed a total of 1,694 IP addresses. Even though the vulnerability was reported in 2019, the statistics show that a considerable number of IPs still run vulnerable Docker versions.

IP addresses on which Docker runs

For a more detailed analysis, let’s take a closer look at an IP that was marked as Inbound: Critical according to the IP scoring matrix. The IP address is in a noticeably vulnerable state: Docker is in use on port 1024, with 6 vulnerabilities and 1 exploit database entry.

IPs that were marked as Inbound: Critical

Among the identified vulnerabilities, CVE-2019-5736 is confirmed as high risk. As explained above, this vulnerability is especially critical because it uses the runC bug to gain root privileges on the host and access container servers and other containers, which means security patches need to be applied immediately.

Docker versions with identified vulnerabilities should be updated to the latest version immediately. As follow-up measures, secure the development environment by hardening the Docker configuration and host OS security, managing Dockerfile and image privileges, and separating privileges for each Docker Swarm node.
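
To find which hosts in your own environment still need that update, the sketch below compares Docker server versions against the fixed releases listed earlier for CVE-2019-5736. It is an added example, not code from Criminal IP or Docker; the function names, the assumed version-string format, and the inventory are constructed for illustration, and it compares version strings only, so it does not detect a separately patched runC package.

```python
import re

# Fixed releases for CVE-2019-5736 as listed in this article, keyed by release
# branch (major, minor). Value: (major, minor, patch, ee_revision), where
# ee_revision is N from an "-ee-N" suffix and 0 when there is none.
FIXED = {
    (17, 6): (17, 6, 2, 19),  # Docker EE 17.06.2-ee-19
    (18, 3): (18, 3, 1, 6),   # Docker EE 18.03.1-ee-6
    (18, 6): (18, 6, 2, 0),   # Docker CE 18.06.2
    (18, 9): (18, 9, 2, 0),   # Docker CE and EE 18.09.2
}
NEWEST_FIX = max(FIXED.values())

# Assumed version format: "18.09.1", "18.06.1-ce" or "17.06.2-ee-16".
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-ce|-ee-(\d+))?")

def parse_version(text):
    """Return (major, minor, patch, ee_revision) or raise ValueError."""
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Docker version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def is_affected(text):
    """True if the version predates the fix for its branch. Branches with no
    listed fix are compared against the newest fixed release, so an
    end-of-life branch such as 17.12 is reported as affected."""
    version = parse_version(text)
    return version < FIXED.get(version[:2], NEWEST_FIX)

def hosts_to_patch(inventory):
    """Split an inventory {host: version} into (affected, unparsed) lists."""
    affected, unparsed = [], []
    for host, text in sorted(inventory.items()):
        try:
            if is_affected(text):
                affected.append(host)
        except ValueError:
            unparsed.append(host)  # review by hand rather than assume safe
    return affected, unparsed

# Constructed inventory, e.g. collected with
# `docker version --format '{{.Server.Version}}'` on each host.
INVENTORY = {"build-01": "17.06.2-ce", "build-02": "18.09.2",
             "ci-01": "18.03.1-ee-5", "ci-02": "18.03.1-ee-6",
             "dev-01": "18.09.1", "dev-02": "19.03.5", "old-01": "unknown"}
```

Calling `hosts_to_patch(INVENTORY)` returns the hosts to update and, separately, the hosts whose version string could not be parsed and should be checked by hand.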


This article was written by drawing on data provided by Criminal IP.