CVE-2007-2282

critical

Description

Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33861

http://www.vupen.com/english/advisories/2007/1545

http://www.securityfocus.com/bid/23647

http://www.osvdb.org/35524

http://www.kb.cert.org/vuls/id/127545

http://www.cisco.com/en/US/products/products_security_advisory09186a008082c520.shtml

http://securitytracker.com/id?1017960

Details

Source: Mitre, NVD

Published: 2007-04-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.01099