CVE-1999-1126

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".

Published: Dec 31, 1999
Updated: Apr 13, 2023
CVE: CVE-1999-1126
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / resource_manager	-	1.1.x

http://ciac.llnl.gov/ciac/bulletins/i-086.shtml
http://www.cisco.com/warp/public/770/crmtmp-pub.shtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/1575

Vulnerability Database

289,697

CVE-1999-1126