| |
Vulnerability CVE-1999-1126
Published: 1999-12-31 Modified: 2012-02-12
| Description: |
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_". |
Type:
CWE-Other
CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
2.1/10 |
2.9/10 |
3.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://ciac.llnl.gov/ciac/bulletins/i-086.shtml
http://www.cisco.com/warp/public/770/crmtmp-pub.shtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/1575
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
