CVE-2019-1723 Cisco Common Services Platform Collector Static Credential Vulnerability – 13th Mar 2019

Preface: The CSP-C’s basic function is to discover the network elements and collect information from those elements.Basically the design goal is to enhance the overall detective and preventive control in the IT infrastructure.

Technical highlight: To perform the Network Discovery and Data Collection operations the CSP-C needs the following credentials: SNMP Read Only community,Telnet or SSH credentials,HTTP or HTTPS credentials.Not every device needs to be accessed via CLI or SOAP; however SNMP is required for all devices.

Vulnerability detail: The affected software has a user account with a default, static password.

Vendor announcement:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv