A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface).
Score CVSS v3.0
9.8
/ 10.0
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Informations
- Publié
- 26 déc. 2016
- Mis à jour
- 12 avr. 2025
- Statut
- Deferred
- Source
- psirt@cisco.com
Produits affectés
cisco cloudcenter orchestrator
Versions : 4.4.0, 4.5.0, 4.6.0, 4.6.1
Faiblesses (CWE)
CWE-264
Références (4)
- http://www.securityfocus.com/bid/95024Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-ccoMitigationVendor Advisory
- http://www.securityfocus.com/bid/95024Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-ccoMitigationVendor Advisory
CVEs similaires
Autres vulnérabilités de type CWE-264
Loading…
Surveillez vos produits
Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.