Cisco Common Services Platform Collector Static Credential Vulnerability Alert

CVE-2019-1723

Cisco issued an announcement to fix a vulnerability in the Cisco Common Services Platform Collector (CSPC) (CVE-2019-1723). The vulnerability stems from a default account with a fixed password in the system. The attacker can directly log in to the affected device through the account and password. The account does not have administrator rights.

Affected version

  • Cisco CSPC releases 2.7.x <= 2.7.4.5
  • Cisco CSPC releases 2.8.x < 2.8.1.2

Unaffected version

  • Cisco CSPC releases 2.7.4.6
  • Cisco CSPC releases 2.8.1.2

Solution

Cisco has released the above vulnerability to fix the above vulnerability, the affected users as soon as possible to upgrade.