Cisco released security updates to address a critical vulnerability in its Cisco Common Services Platform Collector (CSPC) software.
Cisco released security updates to address a critical flaw, tracked as CVE-2019-1723, that consists in the presence of a default account with a static password. The account hasn’t admin privileges, but it could be exploited by an unauthenticated attacker to gain remote access to the system.
The Cisco Common Services Platform Collector (CSPC) is a tool that collects information from Cisco devices installed on a network. The SNMP-based tool is used by both Smart Net Total Care (SmartNet) Network Collector and Partner Support Service (PSS) Network Collector.
“A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges.” reads the security advisory published by Cisco.
“The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account.”
The vulnerability was reported to Cisco by the security researcher David Coomber. According to Cisco, the flaw affects CSPC releases 2.7.2 through 184.108.40.206 and all 2.8.x releases, the tech giant addressed it with the release of the versions 220.127.116.11 and 18.104.22.168.
The good news is that Cisco is not aware of any attacks exploiting this vulnerability in the wild.
Earlier this month, Cisco released security updates to address dozens of vulnerabilities impacting the Nexus switches.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.