A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface).
CVSS v3.0 Score
9.8
/ 10.0
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Information
- Published
- 26 déc. 2016
- Updated
- 12 avr. 2025
- Status
- Deferred
- Source
- psirt@cisco.com
Affected products
cisco cloudcenter orchestrator
Versions : 4.4.0, 4.5.0, 4.6.0, 4.6.1
Weaknesses (CWE)
CWE-264
References (4)
- http://www.securityfocus.com/bid/95024Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-ccoMitigationVendor Advisory
- http://www.securityfocus.com/bid/95024Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-ccoMitigationVendor Advisory
Similar CVEs
Other vulnerabilities of type CWE-264
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.