CVE-2007-2282

{"id": "CVE-2007-2282", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-26T19:19:00.000", "references": [{"url": "http://securitytracker.com/id?1017960", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/127545", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/35524", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23647", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1545", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33861", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017960", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/127545", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/35524", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23647", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1545", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33861", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system."}, {"lang": "es", "value": "Cisco Network Services (CNS) NetFlow Collection Engine (NFC) anterior a 6.0 tiene una cuenta nfcuser con la contrase\u00f1a por defecto nfcuser, lo cual permite a atacantes remotos modificar la configuraci\u00f3n del producto y, cuando se instala sobre Linux, obtener acceso de login en el sistema operativo host."}], "lastModified": "2024-11-21T00:30:23.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1807D723-161A-46FD-9AD7-F7C69D0A8413"}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B221905-FA88-42E4-AD14-46C898BD2F28"}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8E52AEC-B8E0-42F3-B856-C1057E7C45F3"}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B886D5FF-14E2-49BB-9E7A-CA4A4856012B"}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98F41DD9-70BA-443F-8A77-5DADC03E03D1"}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4853160D-497B-48CA-AA86-CA58C9893D0B"}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BB06510-5A6C-4360-9362-62F1EAA52C94"}, {"criteria": "cpe:2.3:a:cisco:netflow_collection_engine:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC215FF5-586D-483E-A53A-D2057AA7A18B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "The vendor has addressed this issue through the update 6.0.0 of the NetFlow Collection Engine."}