Lucene search

MitreCVE-2007-2282

HistoryApr 26, 2007 - 7:19 p.m.

CVE-2007-2282

2007-04-2619:19:00

mitre

web.nvd.nist.gov

cisco

network services

cns

netflow

collection engine

nfc

security vulnerability

cve-2007-2282

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.02

Percentile

88.9%

JSON

Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.

Affected configurations

Nvd

Node

cisconetflow_collection_engineMatch1.0

cisconetflow_collection_engineMatch2.0

cisconetflow_collection_engineMatch3.0

cisconetflow_collection_engineMatch3.5

cisconetflow_collection_engineMatch3.6

cisconetflow_collection_engineMatch4.0

cisconetflow_collection_engineMatch5.0

cisconetflow_collection_engineMatch5.0.3

VendorProductVersionCPE
cisconetflow_collection_engine1.0cpe:2.3:a:cisco:netflow_collection_engine:1.0:*:*:*:*:*:*:*
cisconetflow_collection_engine2.0cpe:2.3:a:cisco:netflow_collection_engine:2.0:*:*:*:*:*:*:*
cisconetflow_collection_engine3.0cpe:2.3:a:cisco:netflow_collection_engine:3.0:*:*:*:*:*:*:*
cisconetflow_collection_engine3.5cpe:2.3:a:cisco:netflow_collection_engine:3.5:*:*:*:*:*:*:*
cisconetflow_collection_engine3.6cpe:2.3:a:cisco:netflow_collection_engine:3.6:*:*:*:*:*:*:*
cisconetflow_collection_engine4.0cpe:2.3:a:cisco:netflow_collection_engine:4.0:*:*:*:*:*:*:*
cisconetflow_collection_engine5.0cpe:2.3:a:cisco:netflow_collection_engine:5.0:*:*:*:*:*:*:*
cisconetflow_collection_engine5.0.3cpe:2.3:a:cisco:netflow_collection_engine:5.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	netflow_collection_engine	1.0	cpe:2.3:a:cisco:netflow_collection_engine:1.0:::::::*
cisco	netflow_collection_engine	2.0	cpe:2.3:a:cisco:netflow_collection_engine:2.0:::::::*
cisco	netflow_collection_engine	3.0	cpe:2.3:a:cisco:netflow_collection_engine:3.0:::::::*
cisco	netflow_collection_engine	3.5	cpe:2.3:a:cisco:netflow_collection_engine:3.5:::::::*
cisco	netflow_collection_engine	3.6	cpe:2.3:a:cisco:netflow_collection_engine:3.6:::::::*
cisco	netflow_collection_engine	4.0	cpe:2.3:a:cisco:netflow_collection_engine:4.0:::::::*
cisco	netflow_collection_engine	5.0	cpe:2.3:a:cisco:netflow_collection_engine:5.0:::::::*
cisco	netflow_collection_engine	5.0.3	cpe:2.3:a:cisco:netflow_collection_engine:5.0.3:::::::*

References

securitytracker.com/id?1017960

www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml

www.kb.cert.org/vuls/id/127545

www.osvdb.org/35524

www.securityfocus.com/bid/23647

www.vupen.com/english/advisories/2007/1545

exchange.xforce.ibmcloud.com/vulnerabilities/33861

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.02

Percentile

88.9%

JSON

Related for CVE-2007-2282