Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".
References
Link | Resource |
---|---|
http://ciac.llnl.gov/ciac/bulletins/i-086.shtml | Patch Vendor Advisory |
http://www.cisco.com/warp/public/770/crmtmp-pub.shtml | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/1575 |
Configurations
History
No history.
Information
Published : 1999-12-31 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-1999-1126
Mitre link : CVE-1999-1126
CVE.ORG link : CVE-1999-1126
JSON object : View
Products Affected
cisco
- resource_manager
CWE