CVE-2019-1723 – Cisco Common Services Platform Collector Static Credential Vulnerability

https://notcve.org/view.php?id=CVE-2019-1723

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. • http://www.securityfocus.com/bid/107405 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv https://www.info-sec.ca/advisories/Cisco-Collector.html • CWE-264: Permissions, Privileges, and Access Controls CWE-798: Use of Hard-coded Credentials •