Cisco released a security advisory on Thursday describing a vulnerability that affects various versions of its Cisco Network Services NetFlow monitoring tool.
Upon installation, default user credentials are created on the system, according to another advisory from the U.S.-CERT. A remote attacker with knowledge of these hard-coded credentials may be able to gain access to an affected system.
The bug affects NetFlow versions prior to 6.0.
The NetFlow Collection Engine is a monitoring tool that provides network management infrastructure metering for technologies like routers and switches. The collected data can be used to provide a network baseline that helps IT managers detect network irregularities like denial-of-service attacks, malware, and other malicious activity.
NetFlow runs on a Unix platform. When it's installed, it creates a default Web-based user account -- nfcuser -- which is required to perform application maintenance, configuration, and troubleshooting with a password of nfcuser, Cisco reported. In versions prior to 6.0, the installer also will create a local user -- which also is called nfcuser -- on the operating system with a default password also identical to the username. If the user already exists, the installer will change the password to be the same as the username.
Cisco recommends users upgrade to Version 6.0. It's not a free upgrade. The company also recommends in its advisory that users can manually change the password on the host operating system.