Patch/Configuration Management, Vulnerability Management

Cisco warns of NetFlow vulnerability

Cisco's IP traffic-collection software contains a vulnerability that can provide attackers with unauthorized access and grant them full administrative control to an operating system, the networking giant reported in an advisory.

Versions prior to 6.0 of Cisco's NetFlow Collection Engine have a flaw that creates default accounts containing identical usernames and passwords, allowing attackers to bypass security checks, according to a French Security Incident Response Team (FrSIRT) advisory issued Wednesday.

The team rated the bug as a "moderate risk," but it can be remotely exploited.

Upon installation of NetFlow Circulation Engine, default user credentials are created, according to an advisory from US-CERT, resulting in remote attackers with knowledge of the credentials being able to gain access to an affected system.

Cisco recommended upgrading to version 6.0, which is not a free download.

The NetFlow Collection Engine is used to collect and analyze IP traffic from devices, such as switches and routers, according to Cisco. The data helps administrators detect threats such as DoS attacks and worms.

Click here to email reporter Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.