Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2016-9223
HistoryDec 26, 2016 - 8:59 a.m.

CVE-2016-9223

2016-12-2608:59:00
CWE-264
cisco
web.nvd.nist.gov
57
cve-2016-9223
docker engine
cisco cloudcenter orchestrator
vulnerability
security
nvd
cliqr

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface).

Affected configurations

Nvd
Node
ciscocloudcenter_orchestratorMatch4.4.0
OR
ciscocloudcenter_orchestratorMatch4.5.0
OR
ciscocloudcenter_orchestratorMatch4.6.0
OR
ciscocloudcenter_orchestratorMatch4.6.1
VendorProductVersionCPE
ciscocloudcenter_orchestrator4.4.0cpe:2.3:a:cisco:cloudcenter_orchestrator:4.4.0:*:*:*:*:*:*:*
ciscocloudcenter_orchestrator4.5.0cpe:2.3:a:cisco:cloudcenter_orchestrator:4.5.0:*:*:*:*:*:*:*
ciscocloudcenter_orchestrator4.6.0cpe:2.3:a:cisco:cloudcenter_orchestrator:4.6.0:*:*:*:*:*:*:*
ciscocloudcenter_orchestrator4.6.1cpe:2.3:a:cisco:cloudcenter_orchestrator:4.6.1:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco CloudCenter Orchestrator",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco CloudCenter Orchestrator"
      }
    ]
  }
]

Related

prion 1
threatpost 1
cisco 1
cvelist 1
nvd 1
prion
prion
Design/Logic Flaw
2016-12-26 08:59:00
threatpost
threatpost
Cisco β€˜Critical Update’ Phishing Attack Steals Webex Credentials
2020-04-09 13:00:24
cisco
cisco
Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability
2016-12-21 16:00:00
cvelist
cvelist
CVE-2016-9223
2016-12-26 07:55:00
nvd
nvd
CVE-2016-9223
2016-12-26 08:59:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON
Related for CVE-2016-9223
prion1threatpost1cisco1cvelist1nvd1