Vulnerability Details CVE-2002-0160
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v2 Score 5.0
References
Products affected by CVE-2002-0160
-
cpe:2.3:a:cisco:secure_access_control_server:2.6
-
cpe:2.3:a:cisco:secure_access_control_server:2.6.2
-
cpe:2.3:a:cisco:secure_access_control_server:2.6.3
-
cpe:2.3:a:cisco:secure_access_control_server:2.6.4
-
cpe:2.3:a:cisco:secure_access_control_server:3.0
-
cpe:2.3:a:cisco:secure_access_control_server:3.0.1