CVE-2007-2282 - OpenCVE

Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Netflow Collection Engine

Configuration 1 [-]

OR	cpe:2.3:a:cisco:netflow_collection_engine:1.0:::::::*
	cpe:2.3:a:cisco:netflow_collection_engine:2.0:::::::*
	cpe:2.3:a:cisco:netflow_collection_engine:3.0:::::::*
	cpe:2.3:a:cisco:netflow_collection_engine:3.5:::::::*
	cpe:2.3:a:cisco:netflow_collection_engine:3.6:::::::*
	cpe:2.3:a:cisco:netflow_collection_engine:4.0:::::::*
	cpe:2.3:a:cisco:netflow_collection_engine:5.0:::::::*
	cpe:2.3:a:cisco:netflow_collection_engine:5.0.3:::::::*

No data.

References

Link	Providers
http://securitytracker.com/id?1017960
http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml
http://www.kb.cert.org/vuls/id/127545
http://www.osvdb.org/35524
http://www.securityfocus.com/bid/23647
http://www.vupen.com/english/advisories/2007/1545
https://exchange.xforce.ibmcloud.com/vulnerabilities/33861

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-26T19:00:00

Updated: 2024-08-07T13:33:28.228Z

Reserved: 2007-04-26T00:00:00

Link: CVE-2007-2282

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-26T19:19:00.000

Modified: 2017-07-29T01:31:21.063

Link: CVE-2007-2282

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-25T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-1545", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1545"}, {"name": "20070425 Default Passwords in NetFlow Collection Engine", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml"}, {"name": "35524", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/35524"}, {"name": "23647", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23647"}, {"name": "1017960", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017960"}, {"name": "cisco-nfc-default-password(33861)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33861"}, {"name": "VU#127545", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/127545"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2282", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-1545", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1545"}, {"name": "20070425 Default Passwords in NetFlow Collection Engine", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml"}, {"name": "35524", "refsource": "OSVDB", "url": "http://www.osvdb.org/35524"}, {"name": "23647", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23647"}, {"name": "1017960", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017960"}, {"name": "cisco-nfc-default-password(33861)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33861"}, {"name": "VU#127545", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/127545"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.228Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-1545", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1545"}, {"name": "20070425 Default Passwords in NetFlow Collection Engine", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml"}, {"name": "35524", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/35524"}, {"name": "23647", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23647"}, {"name": "1017960", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017960"}, {"name": "cisco-nfc-default-password(33861)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33861"}, {"name": "VU#127545", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/127545"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2282", "datePublished": "2007-04-26T19:00:00", "dateReserved": "2007-04-26T00:00:00", "dateUpdated": "2024-08-07T13:33:28.228Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1807D723-161A-46FD-9AD7-F7C69D0A8413", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B221905-FA88-42E4-AD14-46C898BD2F28", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8E52AEC-B8E0-42F3-B856-C1057E7C45F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B886D5FF-14E2-49BB-9E7A-CA4A4856012B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "98F41DD9-70BA-443F-8A77-5DADC03E03D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4853160D-497B-48CA-AA86-CA58C9893D0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BB06510-5A6C-4360-9362-62F1EAA52C94", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CC215FF5-586D-483E-A53A-D2057AA7A18B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system."}, {"lang": "es", "value": "Cisco Network Services (CNS) NetFlow Collection Engine (NFC) anterior a 6.0 tiene una cuenta nfcuser con la contrase\u00f1a por defecto nfcuser, lo cual permite a atacantes remotos modificar la configuraci\u00f3n del producto y, cuando se instala sobre Linux, obtener acceso de login en el sistema operativo host."}], "evaluatorSolution": "The vendor has addressed this issue through the update 6.0.0 of the NetFlow Collection Engine.", "id": "CVE-2007-2282", "lastModified": "2017-07-29T01:31:21.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-26T19:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017960"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/127545"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/35524"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23647"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1545"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33861"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}