Executive Summary

Summary
Title Default Passwords in NetFlow Collection Engine
Informations
Name cisco-sa-20070425-nfc First vendor Publication 2007-02-16
Vendor Cisco Last vendor Modification 2008-04-24
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Versions of Cisco Network Services (CNS) NetFlow Collection Engine (NFC) prior to 6.0 create and use default accounts with identical usernames and passwords. An attacker with knowledge of these accounts can modify the application configuration and, in certain instances, gain user access to the host operating system.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20070425-nfc.shtml

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8

Open Source Vulnerability Database (OSVDB)

Id Description
35524 Cisco NetFlow Collection Engine (NFC) nfcuser Default Account

By default, Netflow Collection Engine installs with a default password. The nfcuser account has a password of nfcuser which is publicly known and documented. This allows attackers to trivially access the program or system.