Executive Summary

Informations
NameCVE-2019-1723First vendor Publication2019-03-13
VendorCveLast vendor Modification2019-04-08

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1723

CWE : Common Weakness Enumeration

%idName
100 %CWE-264Permissions, Privileges, and Access Controls

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/107405
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
MISC https://www.info-sec.ca/advisories/Cisco-Collector.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2019-04-08 21:19:42
  • Multiple Updates
2019-03-18 21:19:29
  • Multiple Updates
2019-03-15 13:19:28
  • Multiple Updates
2019-03-14 21:19:51
  • Multiple Updates
2019-03-14 05:19:23
  • Multiple Updates
2019-03-14 00:19:22
  • First insertion