CVE-1999-1126

Name of the Vulnerable Software and Affected Versions Cisco Resource Manager (CRM) versions 1.1 and earlier

Description The issue allows local users to obtain sensitive configuration information, including usernames, passwords, and SNMP community strings, from certain log files and temporary files. The affected files include swim swd.log, swim debug.log, dbi debug.log, and temporary files whose names begin with "DPR ".

Recommendations For Cisco Resource Manager (CRM) versions 1.1 and earlier, consider restricting access to the log files swim swd.log, swim debug.log, and dbi debug.log, as well as temporary files whose names begin with "DPR ", to minimize the risk of sensitive information disclosure. As a temporary workaround, restrict local user access to these files until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.