Executive Summary
Summary | |
---|---|
Title | Default Passwords in NetFlow Collection Engine |
Informations | |||
---|---|---|---|
Name | cisco-sa-20070425-nfc | First vendor Publication | 2007-02-16 |
Vendor | Cisco | Last vendor Modification | 2008-04-24 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Versions of Cisco Network Services (CNS) NetFlow Collection Engine (NFC) prior to 6.0 create and use default accounts with identical usernames and passwords. An attacker with knowledge of these accounts can modify the application configuration and, in certain instances, gain user access to the host operating system. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20070425-nfc.shtml |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35524 | Cisco NetFlow Collection Engine (NFC) nfcuser Default Account By default, Netflow Collection Engine installs with a default password. The nfcuser account has a password of nfcuser which is publicly known and documented. This allows attackers to trivially access the program or system. |