TCP Dangerous Other

Port 2375 (Docker)


Quick Info

Port Number: 2375
Protocol: TCP
Service: Docker
IANA Name: Docker

Service Description

Port 2375 (TCP) is commonly associated with the Docker daemon, specifically when configured to listen for unencrypted, unauthenticated connections. This port allows remote access to the Docker Engine API. The Docker Engine API is a RESTful API that enables programmatic control over Docker containers, images, networks, and volumes. Historically, the default configuration of Docker often involved listening on this port without TLS encryption, making it susceptible to unauthorized access and control.

At a technical level, when a client connects to port 2375, it can send HTTP requests formatted according to the Docker Engine API specification. These requests can instruct the Docker daemon to perform various actions, such as creating, starting, stopping, or deleting containers; pulling images from registries; or executing commands within containers. The lack of authentication and encryption means that anyone with network access to this port can potentially manipulate the Docker environment.

## Firewall Recommendations

Port 2375 should be blocked by default unless absolutely necessary for remote Docker management. If remote access is required, it is imperative to enable TLS encryption and client authentication using certificates. Never expose the Docker daemon on port 2375 to the public internet without proper security measures. Implement strong firewall rules to restrict access to this port only from trusted sources. Regularly audit Docker configurations and update to the latest version to patch known vulnerabilities. Consider using alternative methods for remote management, such as SSH tunneling or VPNs, to further enhance security. If port 2375 MUST be used, ensure client authentication is enabled and only authorized IP addresses are allowed to connect. Consider using Docker Swarm or Kubernetes for container orchestration, as they provide more robust security features and management capabilities.
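A check for the recommendation above, added here as an example and not taken from the original page: it reads a `daemon.json` document and flags TCP listeners that lack TLS or client-certificate verification. The sample configurations, addresses, file paths and finding names are constructed for illustration; `hosts`, `tls` and `tlsverify` are the `daemon.json` keys it relies on.

```python
import json
from urllib.parse import urlsplit

# Constructed sample configurations (not from the page).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_ONLY = '{"hosts": ["tcp://10.0.0.5:2375"], "tls": true}'
HARDENED = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2375"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

# Addresses that mean "listen on every interface".
WILDCARD = {"", "0.0.0.0", "::"}


def audit_daemon_config(text):
    """Return (listener, finding) pairs for the TCP listeners in a daemon.json."""
    cfg = json.loads(text)
    client_auth = bool(cfg.get("tlsverify"))        # client certificates required
    encrypted = bool(cfg.get("tls")) or client_auth  # tlsverify implies TLS
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are not reachable over the network
        if not encrypted:
            findings.append((host, "PLAINTEXT_NO_AUTH"))
        elif not client_auth:
            findings.append((host, "TLS_WITHOUT_CLIENT_CERTS"))
        # "tcp://:2375" has no hostname at all, which also means every interface.
        if (urlsplit(host).hostname or "") in WILDCARD:
            findings.append((host, "BOUND_TO_ALL_INTERFACES"))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("tls-only", TLS_ONLY), ("hardened", HARDENED)):
        print(name, audit_daemon_config(sample) or "no findings")
```

Listeners passed as `-H` flags on the `dockerd` command line do not appear in `daemon.json`, so the service unit needs the same review.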

Security Information

Exposing the Docker daemon on port 2375 without TLS encryption and authentication poses significant security risks. Attackers can gain complete control over the host system by leveraging the Docker API to execute arbitrary commands within a privileged container. This can lead to data exfiltration, malware installation, denial-of-service attacks, or the complete compromise of the underlying infrastructure. The lack of authentication means that anyone with network access can issue commands to the Docker daemon. This is a prime target for attackers scanning for open ports, as successful exploitation grants them root-level privileges on the Docker host. Misconfigured or outdated Docker installations are particularly vulnerable, making them attractive targets for automated attacks and targeted intrusions.

Known Vulnerabilities

| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2019-5736 | runC Container Escape | Critical | A vulnerability in runC, which Docker uses, that allows an attacker to compromise the host system from inside a container. |
| CVE-2019-14271 | Docker cp local privilege escalation | High | A vulnerability in Docker cp that allows a user with limited rights to escalate their privileges on the host system. |

Common Software

  • Docker
  • Docker Compose
  • Portainer
  • Rancher
  • Kubernetes (via Docker)
  • Swarm
  • Docker Machine
  • Docker SDKs (Python, Go, Java)
