A vulnerability in the Cisco NetFlow Collection Engine could allow a remote attacker to gain access to a vulnerable system.
The Cisco Network Services (CNS) NetFlow Collection Engine (NFC) is a software package for supported UNIX platforms and is used to collect and monitor NetFlow accounting data for network devices such as routers and switches. It includes a web-based interface to perform application maintenance, configuration, and troubleshooting.
Versions of NFC prior to 6.0 create and use default accounts with an identical username and password of "nfcuser".
A remote attacker with knowledge of the default account information can gain administrative control of the NFC application configuration through the web-based interface.
Change passwords for the affected account.
Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.
This document was written by Chad R Dougherty.
Date First Published: 2007-04-26
Date Last Updated: 2007-06-14 17:01 UTC