10 - cisco-sa-20161221-cco

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO) (formely CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system.

The vulnerability is due to a misconfiguration that causes the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker containers on the affected system with arbitrary privileges. As a secondary impact this may allow the attacker to gain root privileges on the affected CloudCenter Orchestrator.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco

BEGIN PGP SIGNATURE

iQIcBAEBCgAGBQJYWooEAAoJEK89gD3EAJB5K9QQAMPU3MTq35Umr6OV4D3c1SZo zknAHNh19knzUB4271mbZmdPhD7xUwDvcnDTsF/+pGWNa3aBpnCZkUvy/pi3h3kQ zZJhFErUUnkSSUoeqvsvclJOYo3C1+DozgOlp1SNDgUYxpH8m4H47gcSns93pMbw Xj/yWzsZ/9/4yw31+C0kcTpTKPW++yCrRHWjd6EAZMl73IoElqamxGQh+dgEt/R/ rvpviptlc6Jyzv21ETDYDbugab8j2VhPRH24fk6uImaKGTgEAj9z2aVDZew2sbZB 49O1BSLlL9RyXv1BRxVltM6y9poEpxbLRij4VtN4iiry1KFcwZWQmZuAlrEDaM94 aj3zXU/G6LHMMF7sOmzXFdxlua+8jwaN06C7iLH1AowDV1XmBJsN9ssBC3VwicZ/ HpqpWK4ixkQi7hrH9m47xo+m+REtWi7gIeC9if9oOXhy8qv9XmwXUWK7n10u0H2E fBhpyQWG/sR2CfCg3WZtwn3l5VhDfvk+ncQfCRSOpmAeEPbbDSmgrshMvRe2Y0sj LlwfHbDxui3VwSG6mNTDl70WDEt9ariDEYwC0jXYZl/Mfq7BmyvvObEKED8o10Jz 1Ya+8trc1WOlR95bPBG4yQ0qHwZXSvJfGtvTrwK+LNTqyeKelhUV6R/d37Eu6w3b 3E1LAh/dENRvzwzazGrr =oj1u END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com