CVE-1999-1126

Sažetak

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".

Reference

http://ciac.llnl.gov/ciac/bulletins/i-086.shtml
http://www.cisco.com/warp/public/770/crmtmp-pub.shtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/1575

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

19-12-2017 - 02:29

Objavljeno

31-12-1999 - 05:00