Details of VAR-199912-0029

ID

VAR-199912-0029

CVE

CVE-1999-1126

TITLE

Cisco Resource Manager Permission permission vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199912-133

DESCRIPTION

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_". Cisco Resource Manager is prone to a local security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks. CRM will create a file with unsafe permissions, local users can get sensitive from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug

Trust: 1.26

sources: NVD: CVE-1999-1126 // BID: 87017 // VULHUB: VHN-1107

AFFECTED PRODUCTS

vendor:	cisco	model:	resource manager	scope:	lte	version:	1.1	Trust: 1.0
vendor:	cisco	model:	resource manager	scope:	eq	version:	1.1	Trust: 0.9

sources: BID: 87017 // CNNVD: CNNVD-199912-133 // NVD: CVE-1999-1126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1126
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-199912-133
value:	LOW
Trust: 0.6
VULHUB:	VHN-1107
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-1999-1126
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-1107
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1107 // CNNVD: CNNVD-199912-133 // NVD: CVE-1999-1126

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1126

THREAT TYPE

local

Trust: 0.9

sources: BID: 87017 // CNNVD: CNNVD-199912-133

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199912-133

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1126	Trust: 2.0
db:	XF	id:	1575	Trust: 0.9
db:	CNNVD	id:	CNNVD-199912-133	Trust: 0.7
db:	CIAC	id:	I-086	Trust: 0.6
db:	CISCO	id:	19980813 CRM TEMPORARY FILE VULNERABILITY	Trust: 0.6
db:	BID	id:	87017	Trust: 0.4
db:	VULHUB	id:	VHN-1107	Trust: 0.1

sources: VULHUB: VHN-1107 // BID: 87017 // CNNVD: CNNVD-199912-133 // NVD: CVE-1999-1126

REFERENCES

url:	http://ciac.llnl.gov/ciac/bulletins/i-086.shtml	Trust: 2.0
url:	http://www.cisco.com/warp/public/770/crmtmp-pub.shtml	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/1575	Trust: 1.1
url:	http://xforce.iss.net/static/1575.php	Trust: 0.9

sources: VULHUB: VHN-1107 // BID: 87017 // CNNVD: CNNVD-199912-133 // NVD: CVE-1999-1126

CREDITS

Unknown

Trust: 0.3

sources: BID: 87017

SOURCES

db:	VULHUB	id:	VHN-1107
db:	BID	id:	87017
db:	CNNVD	id:	CNNVD-199912-133
db:	NVD	id:	CVE-1999-1126

LAST UPDATE DATE

2024-08-14T13:40:50.020000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1107	date:	2017-12-19T00:00:00
db:	BID	id:	87017	date:	1999-12-31T00:00:00
db:	CNNVD	id:	CNNVD-199912-133	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-1999-1126	date:	2017-12-19T02:29:02.410

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1107	date:	1999-12-31T00:00:00
db:	BID	id:	87017	date:	1999-12-31T00:00:00
db:	CNNVD	id:	CNNVD-199912-133	date:	1999-12-31T00:00:00
db:	NVD	id:	CVE-1999-1126	date:	1999-12-31T05:00:00