var-201903-0359
Vulnerability from variot
A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2. Cisco Common Services Platform is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvo38510. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data. Cisco CSPC version 2.7.2 to 2.7.4.5 and 2.8.x versions before 2.8.1.2 have permissions and access control vulnerabilities. The CSPC software provides an extensive collection mechanism to gather various aspects of customer device data. The data is used to provide inventory reports, product alerts, configuration best practices, technical service coverage, lifecycle information, and many other detailed reports and analytics for both the hardware and operating system (OS) software."
(https://www.cisco.com/c/en/us/support/cloud-systems-management/common-services-platform-collector-cspc/products-installation-guides-list.html)
Issue
The Cisco Common Service Platform Collector (version 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2) contains hardcoded credentials.
Impact
An attacker able to access the collector via SSH or console could use the hardcoded credentials to gain a shell on the system and perform a range of attacks.
Timeline
February 14, 2019 - Notified Cisco via psirt@cisco.com February 14, 2019 - Cisco assigned a case number February 18, 2019 - Cisco confirmed the vulnerability February 20, 2019 - Cisco provided a tentative 60 day resolution timeline February 21, 2019 - Provided comments on the proposed timeline March 11, 2019 - Cisco advised that the issue has been resolved and that a security advisory will be published on March 13, 2019
Solution
Upgrade to Common Service Platform Collector 2.7.4.6 or later Upgrade to Common Service Platform Collector 2.8.1.2 or later
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Acknowledgements
Thanks to the Cisco PSIRT for their timely response
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0359",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "common services platform collector",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.8.0"
},
{
"model": "common services platform collector",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7.2"
},
{
"model": "common services platform collector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7.4.6"
},
{
"model": "common services platform collector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.8.1.2"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "2.8.1.2"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "2.7.4.6"
},
{
"model": "common services platform collector",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "2.7.x"
},
{
"model": "common services platform collector",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "2.8.x"
},
{
"model": "network level service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.8(1)"
},
{
"model": "network level service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.7(1)"
}
],
"sources": [
{
"db": "BID",
"id": "107405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"db": "NVD",
"id": "CVE-2019-1723"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.1.2",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.4.6",
"versionStartIncluding": "2.7.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Coomber .",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-1723",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-149455",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-1723",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-1723",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1723",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-496",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-149455",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-1723",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149455"
},
{
"db": "VULMON",
"id": "CVE-2019-1723"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"db": "NVD",
"id": "CVE-2019-1723"
},
{
"db": "NVD",
"id": "CVE-2019-1723"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2. Cisco Common Services Platform is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. \nThis issue is tracked by Cisco Bug ID CSCvo38510. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data. Cisco CSPC version 2.7.2 to 2.7.4.5 and 2.8.x versions before 2.8.1.2 have permissions and access control vulnerabilities. The CSPC software provides an extensive\ncollection mechanism to gather various aspects of customer device\ndata. The data is used to provide inventory\nreports, product alerts, configuration best practices, technical\nservice coverage, lifecycle information, and many other detailed\nreports and analytics for both the hardware and operating system (OS)\nsoftware.\"\n\n(https://www.cisco.com/c/en/us/support/cloud-systems-management/common-services-platform-collector-cspc/products-installation-guides-list.html)\n\nIssue\n\nThe Cisco Common Service Platform Collector (version 2.7.2 through\n2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2) contains hardcoded\ncredentials. \n\nImpact\n\nAn attacker able to access the collector via SSH or console could use\nthe hardcoded credentials to gain a shell on the system and perform a\nrange of attacks. \n\nTimeline\n\nFebruary 14, 2019 - Notified Cisco via psirt@cisco.com\nFebruary 14, 2019 - Cisco assigned a case number\nFebruary 18, 2019 - Cisco confirmed the vulnerability\nFebruary 20, 2019 - Cisco provided a tentative 60 day resolution timeline\nFebruary 21, 2019 - Provided comments on the proposed timeline\nMarch 11, 2019 - Cisco advised that the issue has been resolved and\nthat a security advisory will be published on March 13, 2019\n\nSolution\n\nUpgrade to Common Service Platform Collector 2.7.4.6 or later\nUpgrade to Common Service Platform Collector 2.8.1.2 or later\n\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv\n\nAcknowledgements\n\nThanks to the Cisco PSIRT for their timely response\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1723"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"db": "BID",
"id": "107405"
},
{
"db": "VULHUB",
"id": "VHN-149455"
},
{
"db": "VULMON",
"id": "CVE-2019-1723"
},
{
"db": "PACKETSTORM",
"id": "152094"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1723",
"trust": 3.0
},
{
"db": "BID",
"id": "107405",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "152094",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-496",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0836",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149455",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-1723",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149455"
},
{
"db": "VULMON",
"id": "CVE-2019-1723"
},
{
"db": "BID",
"id": "107405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"db": "PACKETSTORM",
"id": "152094"
},
{
"db": "NVD",
"id": "CVE-2019-1723"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
]
},
"id": "VAR-201903-0359",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-149455"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:43:25.278000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190313-cspcscv",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190313-cspcscv"
},
{
"title": "Cisco Common Services Platform Collector Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90106"
},
{
"title": "Cisco: Cisco Common Services Platform Collector Static Credential Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190313-cspcscv"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-default-password-bug/142814/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1723"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149455"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"db": "NVD",
"id": "CVE-2019-1723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190313-cspcscv"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/107405"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1723"
},
{
"trust": 1.3,
"url": "https://www.info-sec.ca/advisories/cisco-collector.html"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1723"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77162"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152094/cisco-common-service-platform-collector-hardcoded-credentials.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-default-password-bug/142814/"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/c/en/us/support/cloud-systems-management/common-services-platform-collector-cspc/products-installation-guides-list.html)"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149455"
},
{
"db": "VULMON",
"id": "CVE-2019-1723"
},
{
"db": "BID",
"id": "107405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"db": "PACKETSTORM",
"id": "152094"
},
{
"db": "NVD",
"id": "CVE-2019-1723"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-149455"
},
{
"db": "VULMON",
"id": "CVE-2019-1723"
},
{
"db": "BID",
"id": "107405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"db": "PACKETSTORM",
"id": "152094"
},
{
"db": "NVD",
"id": "CVE-2019-1723"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-149455"
},
{
"date": "2019-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1723"
},
{
"date": "2019-03-14T00:00:00",
"db": "BID",
"id": "107405"
},
{
"date": "2019-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"date": "2019-03-14T16:32:07",
"db": "PACKETSTORM",
"id": "152094"
},
{
"date": "2019-03-13T21:29:00.307000",
"db": "NVD",
"id": "CVE-2019-1723"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-149455"
},
{
"date": "2020-10-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1723"
},
{
"date": "2019-03-14T00:00:00",
"db": "BID",
"id": "107405"
},
{
"date": "2019-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002484"
},
{
"date": "2020-10-08T12:55:47.267000",
"db": "NVD",
"id": "CVE-2019-1723"
},
{
"date": "2019-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Common Services Platform Collector Vulnerabilities in authorization, authority and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002484"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-496"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.