Cisco Systems is warning customers that a discovery tool for network devices can be accessed by a remote and unauthenticated attacker. The flaw could allow an adversary to log into the system and collect sensitive data tied to host operating systems and hardware.
The disclosure is part of a Cisco Security Advisory and patch (CVE-2019-1723) issued Wednesday. The vulnerability is rated critical, with a CVSS rating of 9.8.
Affected is the Cisco Common Service Platform Collector (CSPC), a tool used for discovering and collecting information from the Cisco devices installed on a network. The flaw involves a default, static password that can be accessed remotely by an unauthenticated adversary. Cisco stresses that access to CSPC does not grant administrator privileges to an attacker.