Cisco NetFlow Collection Engine Remote Default Account Vulnerability
BID:23647
Info
| Bugtraq ID: | 23647 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2007 12:00AM |
| Updated: | Apr 26 2007 09:10PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | Cisco NetFlow Collection Engine (NFC) 5.0.3; Cisco NetFlow Collection Engine (NFC) 5.0; Cisco NetFlow Collection Engine (NFC) 4.0; Cisco NetFlow Collection Engine (NFC) 3.6; Cisco NetFlow Collection Engine (NFC) 3.5; Cisco NetFlow Collection Engine (NFC) 3.0; Cisco NetFlow Collection Engine (NFC) 2.0; Cisco NetFlow Collection Engine (NFC) 1.0 |
| Not Vulnerable: | Cisco NetFlow Collection Engine (NFC) 6.0 |
Discussion
Cisco NetFlow Collection Engine (NFC) is prone to a default-account vulnerability. This issue stems from a design flaw that makes an insecure account available to remote users.
Successfully exploiting this issue allows remote attackers to gain administrative access to the vulnerable application and user-level access to the hosting operating system.
Versions of Cisco NFC prior to 6.0 are vulnerable to this issue.
Cisco is tracking this issue as Cisco Bug ID CSCsh75038.
Exploit / POC
Attackers use readily available network utilities to exploit this issue.
Solution / Fix
Solution:
Cisco has released version 6.0.0 of NFC to address this issue. Please see the referenced advisory for more information.
References
References:
- Cisco NetFlow Collector (NFC) Product Page (Cisco)
- Cisco Security Advisory: Default Passwords in NetFlow Collection Engine (Cisco Systems Product Security Incident Response Team)
- Cisco Security Advisory: Default Passwords in NetFlow Collection Engine (Cisco)
- Vulnerability Note VU#127545 Cisco NetFlow Collection Engine contains known defa (US-CERT)