Cisco warns of NetFlow vulnerability

By
Follow google news

Cisco's IP traffic-collection software contains a vulnerability that can provide attackers with unauthorised access and grant them full administrative control to an operating system, the networking giant reported in an advisory.

Cisco warns of NetFlow vulnerability
Versions prior to 6.0 of Cisco's NetFlow Collection Engine have a flaw that creates default accounts containing identical usernames and passwords, allowing attackers to bypass security checks, according to a French Security Incident Response Team (FrSIRT) advisory issued Wednesday.

The team rated the bug as a "moderate risk," but it can be remotely exploited.

Upon installation of NetFlow Circulation Engine, default user credentials are created, according to an advisory from US-CERT, resulting in remote attackers with knowledge of the credentials being able to gain access to an affected system.

Cisco recommended upgrading to version 6.0, which is not a free download.

The NetFlow Collection Engine is used to collect and analyze IP traffic from devices, such as switches and routers, according to Cisco. The data helps administrators detect threats such as DoS attacks and worms.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
ciscoofsecurityvulnerabilitywarns

Sponsored Whitepapers

1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it
The biggest AI opportunities are still ahead
The biggest AI opportunities are still ahead
AI workflows vs. AI agents: From automation to autonomy
AI workflows vs. AI agents: From automation to autonomy
Context engineering with hybrid search for agentic AI
Context engineering with hybrid search for agentic AI
Building search in the age of generative AI: A blueprint for success
Building search in the age of generative AI: A blueprint for success

Events

Most Read Articles

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Medibank reveals attack vector and cost of 2022 security breach

Medibank reveals attack vector and cost of 2022 security breach
USB stick opens Windows BitLocker drives in new zero-day

USB stick opens Windows BitLocker drives in new zero-day
GitHub compromised, allegedly by TeamPCP

GitHub compromised, allegedly by TeamPCP
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?