PT-2019-2788 · Cisco+1 · Cisco FindIT Network Probe+2

Published 2019-07-17 · Updated 2019-10-09 · CVE-2019-1919

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco FindIT Network Management version 1.1.4
Cisco FindIT Network Probe version 1.1.4

Description

The issue is related to the use of pre-installed credentials in virtual machine images. An attacker could exploit this to gain elevated privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. This could allow an unauthenticated, local attacker to log in to the device with root privileges by accessing the VM console and using the static account.

Recommendations

For Cisco FindIT Network Management version 1.1.4, consider changing the static credentials of the pre-installed account to prevent unauthorized access.
For Cisco FindIT Network Probe version 1.1.4, change the static credentials of the pre-installed account to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2019-02740
CVE-2019-1919

Affected Products

Cisco FindIT Network Management
Cisco FindIT Network Probe
Linux