CVE-2019-1723

Name of the Vulnerable Software and Affected Versions Cisco Common Services Platform Collector versions 2.7.x through 2.7.4.5 Cisco Common Services Platform Collector versions 2.8.x through 2.8.1.1

Description The issue is related to a default user account with a static password in the Cisco Common Services Platform Collector. This could allow a remote attacker to access the device using the default account, although the account does not have administrator privileges. An attacker could exploit this by connecting to the system remotely with the default account, potentially allowing them to log in to the CSPC.

Recommendations For Cisco CSPC versions 2.7.x through 2.7.4.5, update to Release 2.7.4.6 to resolve the issue. For Cisco CSPC versions 2.8.x through 2.8.1.1, update to Release 2.8.1.2 to resolve the issue.