ID

VAR-199912-0029


CVE

CVE-1999-1126


TITLE

Cisco Resource Manager Permission permission vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199912-133

DESCRIPTION

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_". Cisco Resource Manager is prone to a local security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks. CRM will create a file with unsafe permissions, local users can get sensitive from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug

Trust: 1.26

sources: NVD: CVE-1999-1126 // BID: 87017 // VULHUB: VHN-1107

AFFECTED PRODUCTS

vendor:ciscomodel:resource managerscope:lteversion:1.1

Trust: 1.0

vendor:ciscomodel:resource managerscope:eqversion:1.1

Trust: 0.9

sources: BID: 87017 // CNNVD: CNNVD-199912-133 // NVD: CVE-1999-1126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1126
value: LOW

Trust: 1.0

CNNVD: CNNVD-199912-133
value: LOW

Trust: 0.6

VULHUB: VHN-1107
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-1999-1126
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1107
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1107 // CNNVD: CNNVD-199912-133 // NVD: CVE-1999-1126

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1126

THREAT TYPE

local

Trust: 0.9

sources: BID: 87017 // CNNVD: CNNVD-199912-133

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199912-133

EXTERNAL IDS

db:NVDid:CVE-1999-1126

Trust: 2.0

db:XFid:1575

Trust: 0.9

db:CNNVDid:CNNVD-199912-133

Trust: 0.7

db:CIACid:I-086

Trust: 0.6

db:CISCOid:19980813 CRM TEMPORARY FILE VULNERABILITY

Trust: 0.6

db:BIDid:87017

Trust: 0.4

db:VULHUBid:VHN-1107

Trust: 0.1

sources: VULHUB: VHN-1107 // BID: 87017 // CNNVD: CNNVD-199912-133 // NVD: CVE-1999-1126

REFERENCES

url:http://ciac.llnl.gov/ciac/bulletins/i-086.shtml

Trust: 3.0

url:http://www.cisco.com/warp/public/770/crmtmp-pub.shtml

Trust: 3.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/1575

Trust: 2.1

url:http://xforce.iss.net/static/1575.php

Trust: 0.9

sources: VULHUB: VHN-1107 // BID: 87017 // CNNVD: CNNVD-199912-133 // NVD: CVE-1999-1126

CREDITS

Unknown

Trust: 0.3

sources: BID: 87017

SOURCES

db:VULHUBid:VHN-1107
db:BIDid:87017
db:CNNVDid:CNNVD-199912-133
db:NVDid:CVE-1999-1126

LAST UPDATE DATE

2024-11-22T23:00:11.709000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1107date:2017-12-19T00:00:00
db:BIDid:87017date:1999-12-31T00:00:00
db:CNNVDid:CNNVD-199912-133date:2005-10-20T00:00:00
db:NVDid:CVE-1999-1126date:2024-11-20T23:30:22.357

SOURCES RELEASE DATE

db:VULHUBid:VHN-1107date:1999-12-31T00:00:00
db:BIDid:87017date:1999-12-31T00:00:00
db:CNNVDid:CNNVD-199912-133date:1999-12-31T00:00:00
db:NVDid:CVE-1999-1126date:1999-12-31T05:00:00