Vulnerability Details : CVE-2019-1723
A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2.
Products affected by CVE-2019-1723
- Cisco » Common Services Platform CollectorVersions from including (>=) 2.8.0 and before (<) 2.8.1.2cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*
- Cisco » Common Services Platform CollectorVersions from including (>=) 2.7.2 and before (<) 2.7.4.6cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1723
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-1723
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Cisco Systems, Inc. | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-1723
-
Assigned by: ykramarz@cisco.com (Secondary)
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-1723
-
http://www.securityfocus.com/bid/107405
Cisco Common Services Platform Collector CVE-2019-1723 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://www.info-sec.ca/advisories/Cisco-Collector.html
Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723) - Info-Sec.CAThird Party Advisory
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Cisco Common Services Platform Collector Static Credential VulnerabilityPatch;Vendor Advisory
Jump to