Cisco Clears Cloud Fault

Tuesday, December 27, 2016 @ 01:12 PM gHale

Cisco updated and mitigated a critical privilege escalation vulnerability in its CloudCenter Orchestrator (CCO) systems.

Cisco CloudCenter is a hybrid cloud management platform with two primary components: CloudCenter Manager, the interface utilized by users and administrators, and CloudCenter Orchestrator, which automates application deployment and infrastructure provisioning and configuration.

CCO was previously a product of CliQr Technologies, which Cisco purchased earlier this year.

An unauthenticated attacker can remotely install malicious Docker containers with high privileges by exploiting a flaw (CVE-2016-9223) in the Docker Engine configuration, Cisco officials said.

The security hole, which has a CVSS score of 9.3, exists due to a misconfiguration that makes the Docker Engine management port reachable from the outside. An attacker can leverage the issue to load Docker containers with arbitrary privileges, researchers said.

A CCO installation is vulnerable if TCP port 2375 is open and bound to any interface, which happens to be the default configuration. Users can check if they are affected by using the netstat -ant | grep 2375 command.

Cisco’s Product Security Incident Response Team (PSIRT) said it was aware of a limited number of cases where this vulnerability had been exploited publicly. Organizations can check if their installations have been compromised by using the docker images command and checking the list of containers for anything suspicious.

The vulnerability has been addressed with the release of CCO 4.6.2. As a workaround, users can restrict the Docker Engine port to the localhost IP address. Cisco has provided detailed instructions for this operation in its advisory.
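
A plain grep for 2375 in netstat output also matches unrelated ports such as 23750 and outbound connections to port 2375 on other hosts. As an added example (not from Cisco's advisory or the original article), the shell function below reads netstat -ant output and reports only listening sockets on port 2375, separating loopback-only bindings from ones reachable on other interfaces. The function name and the sample lines are constructed for illustration, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Added example: classify listeners on TCP 2375 from `netstat -ant` output.
# Reads netstat output on stdin, prints one line per matching listener, and
# returns 0 if none is reachable from other hosts, 1 if at least one is.
# Live use: netstat -ant | check_docker_port
check_docker_port() {
    awk -v port=2375 '
        # Only listening sockets matter; header lines and connections that
        # merely mention the port (e.g. as a foreign port) are skipped.
        $NF != "LISTEN" { next }
        {
            local_addr = $4
            # Take the text after the last colon so IPv6 forms like :::2375 work.
            n = split(local_addr, parts, ":")
            p = parts[n]
            if (p != port) next
            addr = substr(local_addr, 1, length(local_addr) - length(p) - 1)
            if (addr ~ /^127\./ || addr == "::1") {
                printf "OK      %s (loopback only)\n", local_addr
            } else {
                printf "EXPOSED %s (reachable from other hosts)\n", local_addr
                exposed = 1
            }
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample resembling the default binding (not from a real host).
SAMPLE_DEFAULT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2375            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:23750         0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:51514          10.0.0.9:2375           ESTABLISHED'

# Constructed sample resembling the state after the localhost workaround.
SAMPLE_WORKAROUND='tcp        0      0 127.0.0.1:2375          0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE_DEFAULT" | check_docker_port || echo "=> port 2375 is exposed"
printf '%s\n' "$SAMPLE_WORKAROUND" | check_docker_port && echo "=> port 2375 is loopback only"
```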
