Vulnerability Details CVE-2002-0159
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=101787248913611&w=2
- http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
- http://www.iss.net/security_center/static/8742.php
- http://www.osvdb.org/2062
- http://www.securityfocus.com/bid/4416
- http://marc.info/?l=bugtraq&m=101787248913611&w=2
- http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
- http://www.iss.net/security_center/static/8742.php
- http://www.osvdb.org/2062
- http://www.securityfocus.com/bid/4416
Products affected by CVE-2002-0159
-
cpe:2.3:a:cisco:secure_access_control_server:2.6
-
cpe:2.3:a:cisco:secure_access_control_server:2.6.2
-
cpe:2.3:a:cisco:secure_access_control_server:2.6.3
-
cpe:2.3:a:cisco:secure_access_control_server:2.6.4
-
cpe:2.3:a:cisco:secure_access_control_server:3.0
-
cpe:2.3:a:cisco:secure_access_control_server:3.0.1