Vulnerabilities > CVE-1999-1126 - Unspecified vulnerability in Cisco Resource Manager 1.0/1.1

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

cisco

NVD

Published: 1999-12-31

Updated: 2017-12-19

Summary

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Resource Manager - Cisco Resource Manager 1.0 Cisco Resource Manager 1.1	3

References

http://ciac.llnl.gov/ciac/bulletins/i-086.shtml
http://www.cisco.com/warp/public/770/crmtmp-pub.shtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/1575