Cisco is warning customers about a critical privilege escalation flaw that has been exploited in attacks against Cisco CloudCenter Orchestrator systems. The issue exists due to a misconfiguration that exposed the Docker Engine management port from the outside. An attacker can exploit this issue to load Docker containers with arbitrary privileges, including root. An unauthenticated attacker can remotely install malicious Docker containers on the affected system with high privileges. Cisco has fixed the issue by releasing the CCO version 4.6.2.1.”]
Source: http://securityaffairs.co/wordpress/54653/hacking/cisco-cloudcenter-orchestrator-flaw.html