CVE-2016-9223
published 2016-12-26

Priority P262, critical, 9.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.93% (85.3th percentile)

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system.

Affected Products: This vulnerability affects all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface).

Affected (5 ranges)

Vendor   Product                                   Version range   Fixed in
cisco    cloudcenter_orchestrator
cisco    cloudcenter_orchestrator
cisco    cloudcenter_orchestrator
cisco    cloudcenter_orchestrator
cisco    cloudcenter_orchestrator_docker_engine

Detection & IOCs (extracted from sources)

port: 2375
  • Detect unauthenticated remote connections to the Docker Engine management port TCP/2375 on Cisco CloudCenter Orchestrator systems, especially from external/untrusted sources.
  • Alert on Docker container creation or loading events originating from remote/unauthenticated API calls to TCP/2375, particularly those requesting elevated or root-level privileges.
  • Monitor for the Docker Engine management port (TCP/2375) being bound to 0.0.0.0 on CCO systems, indicating exposure to all interfaces rather than localhost only.
  • The vulnerability only affects CCO deployments where Docker Engine TCP port 2375 is explicitly open AND bound to 0.0.0.0 (all interfaces); systems with the port restricted to localhost are not exposed.
  • The root cause is a Docker Engine misconfiguration (CWE-264), not a code vulnerability; detection and remediation should focus on the network binding configuration of the Docker daemon.
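
One way to implement the binding check described in the bullets above, as an added example that is not part of the original page or of any Cisco tooling. It assumes listener data in `ss -ltn` format and a Docker `daemon.json` whose `hosts` entries carry an explicit port; the function names and both sample inputs are constructed for illustration.

```python
import ipaddress
import json

DOCKER_PLAIN_PORT = "2375"  # plaintext Docker Engine API port named in the advisory

# Constructed sample inputs (not captured from a real CCO system).
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2375       0.0.0.0:*
LISTEN 0      128    127.0.0.1:2375     0.0.0.0:*
LISTEN 0      128    [::]:2375          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*"""
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

def is_exposed_bind(host: str) -> bool:
    """True when the bind address is reachable from other hosts (not loopback)."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and any %iface suffix
    if host in ("", "*"):                   # ss prints * for any interface; empty is treated as exposed
        return True
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True                         # hostname or unknown form: flag for manual review

def exposed_from_ss(ss_output: str) -> list[str]:
    """Return local addresses from `ss -ltn` output that expose TCP/2375."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                        # skips the header row and non-listening sockets
        host, _, port = fields[3].rpartition(":")
        if port == DOCKER_PLAIN_PORT and is_exposed_bind(host):
            hits.append(fields[3])
    return hits

def exposed_from_daemon_json(text: str) -> list[str]:
    """Return tcp:// entries in daemon.json "hosts" that expose TCP/2375."""
    hits = []
    for entry in json.loads(text).get("hosts", []):
        if not entry.startswith("tcp://"):
            continue                        # unix:// and fd:// sockets are local only
        host, _, port = entry[len("tcp://"):].rpartition(":")
        if port == DOCKER_PLAIN_PORT and is_exposed_bind(host):
            hits.append(entry)
    return hits

if __name__ == "__main__":
    print("listeners:", exposed_from_ss(SAMPLE_SS))
    print("daemon.json:", exposed_from_daemon_json(SAMPLE_DAEMON_JSON))
```

An empty result from both functions corresponds to the not-exposed case in the bullets: the port is either closed or restricted to localhost.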

CVSS provenance

nvd v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
nvd v2.0: 10.0 CRITICAL (AV:N/AC:L/Au:N/C:C/I:C/A:C)
vendor_cisco: 9.3 CRITICAL