Security Affairs
New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco addresses a critical static credential flaw in Common Services Platform Collector

Cisco released security updates to address a critical vulnerability in its Cisco Common Services Platform Collector (CSPC) software. Cisco released security updates to address a critical flaw, tracked as CVE-2019-1723, that consists in the presence of a default account with a static password. The account hasn’t admin privileges, but it could be exploited by an […]

Cisco Catalyst

Cisco released security updates to address a critical vulnerability in its Cisco Common Services Platform Collector (CSPC) software.

Cisco released security updates to address a critical flaw, tracked as CVE-2019-1723, that consists in the presence of a default account with a static password. The account hasn’t admin privileges, but it could be exploited by an unauthenticated attacker to gain remote access to the system.

The Cisco Common Services Platform Collector (CSPC) is a tool that collects information from Cisco devices installed on a network. The SNMP-based tool is used by both Smart Net Total Care (SmartNet) Network Collector and Partner Support Service (PSS) Network Collector.

“A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges.” reads the security advisory published by Cisco.

“The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account.”

The vulnerability was reported to Cisco by the security researcher David Coomber. According to Cisco, the flaw affects CSPC releases 2.7.2 through 2.7.4.5 and all 2.8.x releases, the tech giant addressed it with the release of the versions 2.7.4.6 and 2.8.1.2.

The good news is that Cisco is not aware of any attacks exploiting this vulnerability in the wild.

Cisco Common Services Platform Collector

Earlier this month, Cisco released security updates to address dozens of vulnerabilities impacting the Nexus switches.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Cisco Common Services Platform Collector, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]