Local File Permissions Issue in Cisco Resource Manager
CVE-1999-1126

Currently unrated

Key Information:

Vendor: Cisco
Status: Resource Manager
Vendor: CVE Published:; 31 December 1999

Summary

Cisco Resource Manager versions 1.1 and earlier create certain log files with insecure permissions, enabling local users to access sensitive configuration information. This includes usernames, passwords, and SNMP community strings from log files such as swim_swd.log, swim_debug.log, dbi_debug.log, and temporary files beginning with 'DPR_'. Exploiting this vulnerability can lead to unauthorized access to critical data, posing significant risks to the integrity and security of the affected systems.

References

http://ciac.llnl.gov/ciac/bulletins/i-086.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

https://exchange.xforce.ibmcloud.com/vulnerabilities/1575

vdb-entryx_refsource_XF

http://www.cisco.com/warp/public/770/crmtmp-pub.shtml

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Dec 31, 1999