Cisco CloudCenter Orchestrator权限提升漏洞(CVE-2016-9223)
发布日期:2016-12-26
更新日期:2016-12-27
受影响系统:
Cisco CloudCenter Orchestrator < 4.6.2
Cisco CloudCenter Orchestrator
不受影响系统:
Cisco CloudCenter Orchestrator 4.6.2
描述:
BUGTRAQ ID: 95024
CVE(CAN) ID: CVE-2016-9223
Cisco CloudCenter Orchestrator是以应用为中心的云管理平台。
Cisco CloudCenter Orchestrator的Docker Engine配置中存在安全漏洞。可使未经身份验证的远程攻击者以较高的权限安装Docker容器。
<*来源:Cisco
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco
*>
建议:
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20161221-cco)以及相应补丁:
cisco-sa-20161221-cco:Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco
本文永久更新链接地址:http://www.linuxidc.com/Linux/2016-12/138854.htm