Use of hard-coded credentials in Cisco FindIT Network Manager - CVE-2019-1919

 


Published: July 18, 2019


Vulnerability identifier: #VU19249
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-1919
CWE-ID: CWE-798
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco FindIT Network Manager

Detailed vulnerability description

The vulnerability allows a local attacker to gain full access to a vulnerable system.

The vulnerability exists because the virtual machine (VM) images contain an account with static credentials in the underlying Linux operating system. A local unauthenticated attacker who has access to the VM console can log in to the command line of the affected VM using this static account, which has root privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
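
An audit check for this class of flaw (CWE-798 in a VM image), added here as an example and not taken from the advisory or from Cisco: it lists UID-0 accounts with a usable password in `passwd`/`shadow` content and flags those whose salted hash is identical in two separately deployed VMs. The account names, hashes and the assumption that both files have been extracted from each VM are constructed for illustration.

```python
# Added example: all account names and hashes below are constructed sample data.
LOCKED = ("!", "*")  # shadow markers: password login disabled

def parse_passwd(text):
    """Map username -> UID from /etc/passwd-style text."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[2].isdigit():
            users[f[0]] = int(f[2])
    return users

def parse_shadow(text):
    """Map username -> password field from /etc/shadow-style text."""
    return {f[0]: f[1] for f in (l.split(":") for l in text.splitlines()) if len(f) >= 2}

def root_password_logins(passwd_text, shadow_text):
    """UID-0 accounts that can log in with a password (empty field = no password needed)."""
    shadow = parse_shadow(shadow_text)
    return {u: shadow[u] for u, uid in parse_passwd(passwd_text).items()
            if uid == 0 and u in shadow and not shadow[u].startswith(LOCKED)}

def shared_static_accounts(image_a, image_b):
    """UID-0 accounts whose salted hash is byte-identical in two separate deployments.
    Per-install passwords get a fresh random salt, so a match points to a
    credential that shipped inside the image."""
    a, b = root_password_logins(*image_a), root_password_logins(*image_b)
    return sorted(u for u in a if b.get(u) == a[u])

PASSWD = """root:x:0:0:root:/root:/bin/bash
svc_static:x:0:0::/home/svc_static:/bin/bash
admin:x:1000:1000::/home/admin:/bin/bash
"""
SHADOW_A = """root:$6$saltA$hashA:18000:0:99999:7:::
svc_static:$6$fixedsalt$fixedhash:17900:0:99999:7:::
admin:$6$saltC$hashC:18000:0:99999:7:::
"""
SHADOW_B = """root:$6$saltB$hashB:18010:0:99999:7:::
svc_static:$6$fixedsalt$fixedhash:17900:0:99999:7:::
admin:!:18010:0:99999:7:::
"""

if __name__ == "__main__":
    print(shared_static_accounts((PASSWD, SHADOW_A), (PASSWD, SHADOW_B)))
```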


How to mitigate CVE-2019-1919

Install updates from the vendor's website.
