CVE Catalog

CVE-1999-1126

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

Cisco Resource Manager (CRM) 1.1 and earlier creates files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data, potentially leading to serious security breaches.

Recommendation

It is recommended to update Cisco Resource Manager to the latest version and review file permissions to ensure their security.

Original NVD description (English source)

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".

Vulnerability data from NVD (NIST) · CISA KEV · EPSS