Vulnerabilities > CVE-2007-2282 - Remote Default Account vulnerability in Cisco NetFlow Collection Engine
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. The vendor has addressed this issue through the update 6.0.0 of the NetFlow Collection Engine.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
References
- http://securitytracker.com/id?1017960
- http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml
- http://www.kb.cert.org/vuls/id/127545
- http://www.osvdb.org/35524
- http://www.securityfocus.com/bid/23647
- http://www.vupen.com/english/advisories/2007/1545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33861