Cisco Common Service Platform Collector Hardcoded Credentials
Posted Mar 14, 2019
Authored by David Coomber

The Cisco Common Service Platform Collector versions 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2 contain hardcoded credentials.

tags | advisory
systems | cisco
advisories | CVE-2019-1723
MD5 | b839ff1288a335fb85a4e9618cd7250d

Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)
--
https://www.info-sec.ca/advisories/Cisco-Collector.html

Overview

"The Cisco Common Service Platform Collector (CSPC) is an SNMP-based
tool that discovers and collects information from the Cisco devices
installed on your network. The CSPC software provides an extensive
collection mechanism to gather various aspects of customer device
data. Information gathered by the collector is used by several Cisco
Service offers, such as Smart Net Total Care, Partner Support Service,
and Business Critical Services. The data is used to provide inventory
reports, product alerts, configuration best practices, technical
service coverage, lifecycle information, and many other detailed
reports and analytics for both the hardware and operating system (OS)
software."

(https://www.cisco.com/c/en/us/support/cloud-systems-management/common-services-platform-collector-cspc/products-installation-guides-list.html)

Issue

The Cisco Common Service Platform Collector (versions 2.7.2 through
2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2) contains hardcoded
credentials.

Impact

An attacker able to access the collector via SSH or console could use
the hardcoded credentials to gain a shell on the system and perform a
range of attacks.

Timeline

February 14, 2019 - Notified Cisco via psirt@cisco.com
February 14, 2019 - Cisco assigned a case number
February 18, 2019 - Cisco confirmed the vulnerability
February 20, 2019 - Cisco provided a tentative 60 day resolution timeline
February 21, 2019 - Provided comments on the proposed timeline
March 11, 2019 - Cisco advised that the issue has been resolved and
that a security advisory will be published on March 13, 2019

Solution

Upgrade to Common Service Platform Collector 2.7.4.6 or later
Upgrade to Common Service Platform Collector 2.8.1.2 or later

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
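
Added example (not part of the original advisory or Cisco's tooling): a small triage helper that checks collector versions against the affected ranges and fixed releases stated above, comparing version components numerically so that 2.8.1.10 is not mistaken for something older than 2.8.1.2. The hostnames and the sample inventory are constructed for illustration.

```python
from itertools import zip_longest

# Fixed releases per release train, exactly as stated in the advisory text.
FIXED = {(2, 7): "2.7.4.6", (2, 8): "2.8.1.2"}

def parse_version(text):
    """Turn '2.7.4.5' into (2, 7, 4, 5); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def compare(a, b):
    """Numeric compare with zero padding, so 2.8 == 2.8.0.0 and 2.8.1.10 > 2.8.1.2."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def is_affected(version):
    """True for 2.7.2 through 2.7.4.5 and for 2.8.x prior to 2.8.1.2."""
    v = parse_version(version)
    in_27 = compare(v, (2, 7, 2)) >= 0 and compare(v, (2, 7, 4, 5)) <= 0
    in_28 = compare(v, (2, 8)) >= 0 and compare(v, (2, 8, 1, 2)) < 0
    return in_27 or in_28

def triage(inventory):
    """Map each host to the upgrade target for its train, or mark it out of range."""
    report = {}
    for host, version in inventory.items():
        if is_affected(version):
            train = parse_version(version)[:2]
            report[host] = f"upgrade to {FIXED[train]} or later"
        else:
            report[host] = "not in affected range"
    return report

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "cspc-lab.example": "2.7.4",
    "cspc-dc1.example": "2.8.1.1",
    "cspc-dc2.example": "2.8.1.10",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Versions outside the ranges the advisory lists are reported only as "not in affected range"; the advisory makes no statement about them.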

Acknowledgements

Thanks to the Cisco PSIRT for their timely response
