CVE-2016-9223
Published: 2016-12-26
Priority P262 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.93% (85.3th percentile)
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affects all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface).
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cloudcenter_orchestrator | — | — |
| cisco | cloudcenter_orchestrator | — | — |
| cisco | cloudcenter_orchestrator | — | — |
| cisco | cloudcenter_orchestrator | — | — |
| cisco | cloudcenter_orchestrator_docker_engine | — | — |
Detection & IOCs
- Detect unauthenticated remote connections to Docker Engine management port TCP/2375 on Cisco CloudCenter Orchestrator systems, especially from external/untrusted sources.
- Alert on Docker container creation or loading events originating from remote/unauthenticated API calls to TCP/2375, particularly those requesting elevated or root-level privileges.
- Monitor for Docker Engine management port (TCP/2375) being bound to 0.0.0.0 on CCO systems, indicating exposure to all interfaces rather than localhost only.
- Vulnerability only affects CCO deployments where Docker Engine TCP port 2375 is explicitly open AND bound to 0.0.0.0 (all interfaces); systems with port restricted to localhost are not exposed.
- The root cause is a Docker Engine misconfiguration (CWE-264), not a code vulnerability; detection and remediation should focus on network binding configuration of the Docker daemon.
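A check for the binding condition in the list above, as an added example (not code from Cisco, Docker or this page): it flags a listener on TCP/2375 bound beyond loopback, reading `ss -ltn` output and the `hosts` list of a Docker `daemon.json`. The sample input is constructed, and flagging specific non-loopback addresses as well as 0.0.0.0 goes beyond the advisory's stated condition.

```python
import ipaddress
import json
from urllib.parse import urlsplit

DOCKER_API_PORT = 2375  # unencrypted Docker Engine API port named in the advisory

def is_exposed_bind(host):
    """True unless the bind address is loopback-only."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and any %iface scope
    if host in ("", "*"):                   # any-interface forms: 'tcp://:2375', ss '*'
        return True
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True                         # unparseable name: report it, do not skip

def exposed_listeners(ss_output, port=DOCKER_API_PORT):
    """Local addresses from `ss -ltn` output listening on `port` beyond loopback."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                        # header or non-listening socket
        host, _, listen_port = fields[3].rpartition(":")
        if listen_port == str(port) and is_exposed_bind(host):
            hits.append(fields[3])
    return hits

def exposed_daemon_hosts(daemon_json, port=DOCKER_API_PORT):
    """tcp:// entries in daemon.json "hosts" that bind `port` beyond loopback."""
    hits = []
    for entry in json.loads(daemon_json).get("hosts", []):
        url = urlsplit(entry)
        if url.scheme == "tcp" and url.port == port and is_exposed_bind(url.hostname or ""):
            hits.append(entry)
    return hits

# Constructed sample input (not taken from a real CCO system).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   0.0.0.0:2375       0.0.0.0:*
LISTEN 0      4096   [::]:2375          [::]:*
LISTEN 0      4096   127.0.0.1:2375     0.0.0.0:*
"""
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
if __name__ == "__main__":
    print(exposed_listeners(SAMPLE_SS), exposed_daemon_hosts(SAMPLE_DAEMON_JSON))
```

A listener set with `dockerd -H` on the command line shows up in the `ss` output but not in `daemon.json`, so the two checks complement each other.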
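CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | | 9.3 | CRITICAL | |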
Cisco
Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability
vendor_cisco · 2016-12-22 · CVSS 9.3
CVE-2016-9223 [CRITICAL] CWE-264
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system.
The vulnerability is due to a misconfiguration that causes the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker containers on the affected system with arbitrary privileges. As a secondary impact this may allow the attacker to gain root privileges on the affected CloudCenter Orchestrator.
Cisco has released software updates that address this vulnerability. Workarounds that mitig
GHSA
GHSA-r7qm-f8h2-jq46
ghsa_unreviewed · 2022-05-17
CVE-2016-9223 [CRITICAL]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.