Cisco warns of NetFlow vulnerability

By
Follow google news

Cisco's IP traffic-collection software contains a vulnerability that can provide attackers with unauthorised access and grant them full administrative control to an operating system, the networking giant reported in an advisory.

Cisco warns of NetFlow vulnerability
Versions prior to 6.0 of Cisco's NetFlow Collection Engine have a flaw that creates default accounts containing identical usernames and passwords, allowing attackers to bypass security checks, according to a French Security Incident Response Team (FrSIRT) advisory issued Wednesday.

The team rated the bug as a "moderate risk," but it can be remotely exploited.

Upon installation of NetFlow Circulation Engine, default user credentials are created, according to an advisory from US-CERT, resulting in remote attackers with knowledge of the credentials being able to gain access to an affected system.

Cisco recommended upgrading to version 6.0, which is not a free download.

The NetFlow Collection Engine is used to collect and analyze IP traffic from devices, such as switches and routers, according to Cisco. The data helps administrators detect threats such as DoS attacks and worms.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
ciscoofsecurityvulnerabilitywarns

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

Supply chain attack hits 100 million-download Axios npm package

Supply chain attack hits 100 million-download Axios npm package
NAB is co-designing a SIEM with Databricks

NAB is co-designing a SIEM with Databricks
APRA pulls data submission system after security pentest

APRA pulls data submission system after security pentest
Councils push for federal shared security centre funding

Councils push for federal shared security centre funding
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?