
====================================================================

                                  CERT-Renater

                      Information Note No. 2016/VULN421
_____________________________________________________________________

DATE                : 21/12/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco CloudCenter Orchestrator.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco
____________________________________________________________________

Cisco Security Advisory: Cisco CloudCenter Orchestrator Docker Engine
Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20161221-cco

Revision 1.0

For Public Release 2016 December 21 16:00 GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Docker Engine configuration of Cisco CloudCenter
Orchestrator (CCO) (formerly CliQr) could allow an unauthenticated,
remote attacker to install Docker containers with high privileges on
the affected system.

The vulnerability is due to a misconfiguration that causes the Docker
Engine management port to be reachable outside of the CloudCenter
Orchestrator system. An attacker could exploit this vulnerability by
loading Docker containers on the affected system with arbitrary
privileges. As a secondary impact, this may allow the attacker to gain
root privileges on the affected CloudCenter Orchestrator.
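
A defender-side check for this class of misconfiguration, added here as
an example (not code from Cisco or CERT-Renater): it flags Docker Engine
API listeners bound to a non-loopback TCP address. It assumes the
standard Docker settings (the "hosts" and "tlsverify" keys of
/etc/docker/daemon.json, the -H/--host and --tlsverify dockerd flags);
the sample input and port numbers are constructed, not from the advisory.

```python
import ipaddress
import json
import shlex
from urllib.parse import urlsplit


def is_external(listener):
    """True when a Docker listener is a TCP socket not bound to loopback."""
    if not listener.startswith("tcp://"):
        return False  # unix:// and fd:// sockets are not network-reachable
    addr = urlsplit(listener).hostname or ""
    if addr == "localhost":
        return False
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # empty or non-IP host: flag conservatively for review


def audit(daemon_json_text, dockerd_cmdline):
    """Return [(listener, client_cert_auth)] for off-host API listeners."""
    cfg = json.loads(daemon_json_text or "{}")
    args = shlex.split(dockerd_cmdline)
    listeners = list(cfg.get("hosts", []))
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            listeners.append(args[i + 1])
        elif arg.startswith(("--host=", "-H=")):
            listeners.append(arg.split("=", 1)[1])
    # Without tlsverify, anyone who can reach the port can drive the API.
    tls = bool(cfg.get("tlsverify")) or "--tlsverify" in args
    return [(h, tls) for h in listeners if is_external(h)]


# Constructed sample input (not taken from a CloudCenter Orchestrator system).
SAMPLE_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_CMD = "dockerd"

if __name__ == "__main__":
    for listener, tls in audit(SAMPLE_JSON, SAMPLE_CMD):
        auth = "client certificates required" if tls else "NO authentication"
        print(f"EXPOSED {listener} ({auth})")
```
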

Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available. This
advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco


==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================




