PT-2007-3615 · Cisco+1 · Cisco Network Services (Cns) Netflow Collection Engine+1

Published

2007-04-26

Updated

2017-07-29

CVE-2007-2282

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Network Services (CNS) NetFlow Collection Engine (NFC) versions prior to 6.0

Description The issue allows remote attackers to modify the product configuration. When installed on Linux, it also allows attackers to obtain login access to the host operating system. This is due to an nfcuser account with a default password.

Recommendations For versions prior to 6.0, change the default password of the nfcuser account to prevent unauthorized access. As a temporary workaround, consider restricting access to the NFC service until the default password is changed.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2282

Affected Products

Cisco Network Services (Cns) Netflow Collection Engine

Linux

PT-2007-3615 · Cisco+1 · Cisco Network Services (Cns) Netflow Collection Engine+1

CVE-2007-2282

Related Identifiers

Affected Products

References · 8