Executive Summary

Title : Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability
Name : cisco-sa-20161221-cco
Vendor : Cisco
Severity (Vendor) : N/A
First vendor Publication : 2016-12-21
Last vendor Modification : 2016-12-21
Revision : 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Cvss Impact Score : 10
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required


A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO) (formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system.

The vulnerability is due to a misconfiguration that causes the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker containers on the affected system with arbitrary privileges. As a secondary impact, this may allow the attacker to gain root privileges on the affected CloudCenter Orchestrator.
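
A defender-side check for the misconfiguration described above, as an added example that is not part of the Cisco advisory or the CCO software: it classifies each listener in a Docker `daemon.json` by whether the management API is reachable beyond loopback and whether client-certificate verification (`tlsverify`) is enabled. The sample configuration is constructed, the verdict names are this example's own, and listeners passed to `dockerd` with `-H` on the command line are outside what it parses.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json content (not taken from a CCO system).
SAMPLE = """
{
  "hosts": ["unix:///var/run/docker.sock",
            "tcp://127.0.0.1:2375",
            "tcp://0.0.0.0:2375"],
  "tlsverify": false
}
"""

def is_loopback(host):
    """True only when the bind host is provably a loopback address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Empty host or another hostname: conservatively treat as reachable.
        return False

def audit_daemon_config(text):
    """Return (listener, verdict) for every 'hosts' entry in daemon.json text."""
    cfg = json.loads(text)
    # Only tlsverify makes the daemon demand a client certificate signed by its CA.
    mutual_tls = bool(cfg.get("tlsverify"))
    findings = []
    for entry in cfg.get("hosts", []):
        parts = urlsplit(entry)
        if parts.scheme in ("unix", "fd", "npipe"):
            verdict = "local-socket"
        elif parts.scheme == "tcp" and is_loopback(parts.hostname or ""):
            verdict = "loopback-tcp"
        elif mutual_tls:
            verdict = "remote-tcp-mtls"
        else:
            # Management API reachable off-host with no client authentication.
            verdict = "remote-tcp-unauthenticated"
        findings.append((entry, verdict))
    return findings

if __name__ == "__main__":
    for listener, verdict in audit_daemon_config(SAMPLE):
        print(f"{verdict:28} {listener}")
```

Any `remote-tcp-unauthenticated` result is the condition the advisory describes: whoever can reach that port can instruct the daemon to start containers.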

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco



Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Application 4

Snort® IPS/IDS

Date Description
2016-12-22 Docker management traffic detected
RuleID : 41093 - Revision : 1 - Type : POLICY-OTHER

Alert History

Date Information
2016-12-27 21:28:33
  • Multiple Updates
2016-12-21 17:23:15
  • First insertion