CVE-1999-1126
LowExploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
Cisco Resource Manager (CRM) 1.1 and earlier creates files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings.
Risk Assessment
The organization may be exposed to unauthorized access to sensitive data, potentially leading to serious security breaches.
Recommendation
It is recommended to update Cisco Resource Manager to the latest version and review file permissions to ensure their security.
Original NVD description (English source)
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".

