[c-nsp] Cisco Security Advisory: Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Dec 21 11:04:00 EST 2016



Cisco Security Advisory: Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20161221-cco

Revision 1.0

For Public Release 2016 December 21 16:00  GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO) (formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system.

The vulnerability is due to a misconfiguration that causes the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker containers on the affected system with arbitrary privileges. As a secondary impact, this may allow the attacker to gain root privileges on the affected CloudCenter Orchestrator.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco

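The following is an added example, not part of the Cisco advisory and not Cisco's code: a defender-side audit that reads a Docker daemon's `daemon.json` and `dockerd` command line and reports TCP management listeners bound to non-loopback addresses, the class of misconfiguration the advisory describes. The port number, file contents and command line in the sample are constructed for illustration; the advisory does not state the CCO's actual values.

```python
import ipaddress
import json
import shlex
from urllib.parse import urlsplit


def collect_hosts(daemon_json_text, dockerd_cmdline):
    """Return (listener URLs, tlsverify) from daemon.json text and a dockerd command line."""
    cfg = json.loads(daemon_json_text or "{}")
    hosts = list(cfg.get("hosts", []))
    tls = bool(cfg.get("tlsverify", False))
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tls = True
    return hosts, tls


def is_loopback(host):
    """True for localhost and loopback IP literals; other names are treated as external."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit(daemon_json_text, dockerd_cmdline):
    """List (listener, auth state) for every TCP listener not bound to loopback."""
    hosts, tls = collect_hosts(daemon_json_text, dockerd_cmdline)
    findings = []
    for listener in hosts:
        if not listener.startswith("tcp://"):
            continue  # unix:// and fd:// are local sockets, not network listeners
        # An empty host is flagged conservatively so it gets reviewed by hand.
        host = urlsplit(listener).hostname or ""
        if not is_loopback(host):
            findings.append((listener, "tls-verified" if tls else "unauthenticated"))
    return findings


# Constructed sample input (not taken from the advisory).
SAMPLE_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_CMD = "dockerd -H tcp://127.0.0.1:2375 --host=tcp://[::1]:2375"

if __name__ == "__main__":
    for listener, state in audit(SAMPLE_JSON, SAMPLE_CMD):
        print(f"exposed management listener: {listener} ({state})")
```

A listener reported as "unauthenticated" should be removed, bound to loopback or a Unix socket, or filtered at the host firewall; a configuration audit like this does not replace checking which ports are actually reachable from outside the host.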

