Details of VAR-201903-0359

ID

VAR-201903-0359

CVE

CVE-2019-1723

TITLE

Cisco Common Services Platform Collector Vulnerabilities in authorization, authority and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-002484

DESCRIPTION

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2. Cisco Common Services Platform is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvo38510. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data. Cisco CSPC version 2.7.2 to 2.7.4.5 and 2.8.x versions before 2.8.1.2 have permissions and access control vulnerabilities. The CSPC software provides an extensive collection mechanism to gather various aspects of customer device data. The data is used to provide inventory reports, product alerts, configuration best practices, technical service coverage, lifecycle information, and many other detailed reports and analytics for both the hardware and operating system (OS) software." (https://www.cisco.com/c/en/us/support/cloud-systems-management/common-services-platform-collector-cspc/products-installation-guides-list.html) Issue The Cisco Common Service Platform Collector (version 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2) contains hardcoded credentials. Impact An attacker able to access the collector via SSH or console could use the hardcoded credentials to gain a shell on the system and perform a range of attacks. Timeline February 14, 2019 - Notified Cisco via psirt@cisco.com February 14, 2019 - Cisco assigned a case number February 18, 2019 - Cisco confirmed the vulnerability February 20, 2019 - Cisco provided a tentative 60 day resolution timeline February 21, 2019 - Provided comments on the proposed timeline March 11, 2019 - Cisco advised that the issue has been resolved and that a security advisory will be published on March 13, 2019 Solution Upgrade to Common Service Platform Collector 2.7.4.6 or later Upgrade to Common Service Platform Collector 2.8.1.2 or later https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv Acknowledgements Thanks to the Cisco PSIRT for their timely response

Trust: 2.16

sources: NVD: CVE-2019-1723 // JVNDB: JVNDB-2019-002484 // BID: 107405 // VULHUB: VHN-149455 // VULMON: CVE-2019-1723 // PACKETSTORM: 152094

AFFECTED PRODUCTS

vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.7.4.6	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	gte	version:	2.8.0	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	gte	version:	2.7.2	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.8.1.2	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	2.8.1.2	Trust: 0.8
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	2.7.4.6	Trust: 0.8
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.7.x	Trust: 0.8
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.8.x	Trust: 0.8
vendor:	cisco	model:	network level service	scope:	eq	version:	2.8(1)	Trust: 0.3
vendor:	cisco	model:	network level service	scope:	eq	version:	2.7(1)	Trust: 0.3

sources: BID: 107405 // JVNDB: JVNDB-2019-002484 // NVD: CVE-2019-1723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1723
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1723
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-1723
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201903-496
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-149455
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-1723
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1723
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-149455
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1723
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1723
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-149455 // VULMON: CVE-2019-1723 // JVNDB: JVNDB-2019-002484 // CNNVD: CNNVD-201903-496 // NVD: CVE-2019-1723 // NVD: CVE-2019-1723

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-798	Trust: 1.1

sources: VULHUB: VHN-149455 // JVNDB: JVNDB-2019-002484 // NVD: CVE-2019-1723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-496

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201903-496

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002484

PATCH

title:	cisco-sa-20190313-cspcscv	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv	Trust: 0.8
title:	Cisco Common Services Platform Collector Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90106	Trust: 0.6
title:	Cisco: Cisco Common Services Platform Collector Static Credential Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190313-cspcscv	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-patches-critical-default-password-bug/142814/	Trust: 0.1

sources: VULMON: CVE-2019-1723 // JVNDB: JVNDB-2019-002484 // CNNVD: CNNVD-201903-496

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1723	Trust: 3.0
db:	BID	id:	107405	Trust: 2.1
db:	PACKETSTORM	id:	152094	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-002484	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-496	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0836	Trust: 0.6
db:	VULHUB	id:	VHN-149455	Trust: 0.1
db:	VULMON	id:	CVE-2019-1723	Trust: 0.1

sources: VULHUB: VHN-149455 // VULMON: CVE-2019-1723 // BID: 107405 // JVNDB: JVNDB-2019-002484 // PACKETSTORM: 152094 // CNNVD: CNNVD-201903-496 // NVD: CVE-2019-1723

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190313-cspcscv	Trust: 2.3
url:	http://www.securityfocus.com/bid/107405	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1723	Trust: 1.5
url:	https://www.info-sec.ca/advisories/cisco-collector.html	Trust: 1.3
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1723	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/77162	Trust: 0.6
url:	https://packetstormsecurity.com/files/152094/cisco-common-service-platform-collector-hardcoded-credentials.html	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-patches-critical-default-password-bug/142814/	Trust: 0.1
url:	https://www.cisco.com/c/en/us/support/cloud-systems-management/common-services-platform-collector-cspc/products-installation-guides-list.html)	Trust: 0.1

sources: VULHUB: VHN-149455 // VULMON: CVE-2019-1723 // BID: 107405 // JVNDB: JVNDB-2019-002484 // PACKETSTORM: 152094 // CNNVD: CNNVD-201903-496 // NVD: CVE-2019-1723

CREDITS

David Coomber .

Trust: 0.6

sources: CNNVD: CNNVD-201903-496

SOURCES

db:	VULHUB	id:	VHN-149455
db:	VULMON	id:	CVE-2019-1723
db:	BID	id:	107405
db:	JVNDB	id:	JVNDB-2019-002484
db:	PACKETSTORM	id:	152094
db:	CNNVD	id:	CNNVD-201903-496
db:	NVD	id:	CVE-2019-1723

LAST UPDATE DATE

2024-11-23T22:00:06.226000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149455	date:	2020-10-08T00:00:00
db:	VULMON	id:	CVE-2019-1723	date:	2020-10-08T00:00:00
db:	BID	id:	107405	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-002484	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-496	date:	2019-03-15T00:00:00
db:	NVD	id:	CVE-2019-1723	date:	2024-11-21T04:37:10.867

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149455	date:	2019-03-13T00:00:00
db:	VULMON	id:	CVE-2019-1723	date:	2019-03-13T00:00:00
db:	BID	id:	107405	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-002484	date:	2019-04-09T00:00:00
db:	PACKETSTORM	id:	152094	date:	2019-03-14T16:32:07
db:	CNNVD	id:	CNNVD-201903-496	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2019-1723	date:	2019-03-13T21:29:00.307