CVE-2019-1723

Published: 13/03/2019 Updated: 08/04/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote malicious user to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the malicious user to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2.

Vendor Advisories

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, ...

Mailing Lists

Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723) -- wwwinfo-secca/advisories/Cisco-Collectorhtml Overview "The Cisco Common Service Platform Collector (CSPC) is an SNMP-based tool that discovers and collects information from the Cisco devices installed on your network. The CSPC software provides an extens ...

Recent Articles

Cisco Patches Critical ‘Default Password’ Bug
Threatpost • Tom Spring • 14 Mar 2019

Cisco Systems is warning customers that a discovery tool for network devices can be accessed by a remote and unauthenticated attacker. The flaw could allow an adversary to log into the system and collect sensitive data tied to host operating systems and hardware.
The disclosure is part of a Cisco Security Advisory and patch (CVE-2019-1723) issued Wednesday. The vulnerability is rated critical, with a CVSS rating of 9.8.
Affected is the Cisco Common Service Platform Collector (CSPC), ...