Vulnerability Note VU#127545
Cisco NetFlow Collection Engine contains known default passwords
A vulnerability in the Cisco NetFlow Collection Engine could allow a remote attacker to gain access to a vulnerable system.
The Cisco Network Services (CNS) NetFlow Collection Engine (NFC) is a software package for supported UNIX platforms and is used to collect and monitor NetFlow accounting data for network devices such as routers and switches. It includes a web-based interface to perform application maintenance, configuration, and troubleshooting.
Versions of NFC prior to 6.0 create and use default accounts with an identical username and password of "nfcuser".
A remote attacker with knowledge of the default account information can gain administrative control of the NFC application configuration through the web-based interface.
Change passwords for the affected account
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems, Inc.||Affected||-||26 Apr 2007|
CVSS Metrics (Learn More)
Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.
This document was written by Chad R Dougherty.
- CVE IDs: CVE-2007-2282
- Date Public: 25 Apr 2007
- Date First Published: 26 Apr 2007
- Date Last Updated: 14 Jun 2007
- Severity Metric: 7.50
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.