N/A

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".

N/A

N/A

Cisco Resource Manager权限许可漏洞

Cisco Resource Manager (CRM) 1.0以及之前的版本存在权限许可漏洞。CRM会创建某一带有不安全许可的文件，本地用户可以从以“DPR”开头的(1)swim_swd.log、(2) swim_debug.log、(3) dbi_debug.及(4)临时文件中获得敏感的配置信息，这些配置信息包括用户名、密码和SNMP社区字符串。

N/A

N/A