Описание
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.
Ссылки
- Vendor Advisory
- US Government Resource
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:netflow_collection_engine:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:netflow_collection_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:netflow_collection_engine:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:netflow_collection_engine:3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:netflow_collection_engine:3.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:netflow_collection_engine:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:netflow_collection_engine:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:netflow_collection_engine:5.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01619
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.
EPSS
Процентиль: 81%
0.01619
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other