Versions of Cisco Network Services (CNS) NetFlow Collection Engine
(NFC) prior to 6.0 create and use default accounts with identical usernames and
passwords. An attacker with knowledge of these accounts can modify the
application configuration and, in certain instances, gain user access to the
host operating system.
The upgrade to NFC version 6.0 is not a free upgrade. This default
password issue does not require a software upgrade and can be changed by a
configuration command for all affected customers. The workaround detailed in
this document demonstrates how to change the passwords in 5.0.