CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0159

HIGH
7.5
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile41.60th
PublishedApr 22, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Affected Platforms (CPE)

πŸ“¦
Cisco

Secure Access Control Server

= 2.6
πŸ“¦
Cisco

Secure Access Control Server

= 2.6.2
πŸ“¦
Cisco

Secure Access Control Server

= 2.6.3
πŸ“¦
Cisco

Secure Access Control Server

= 2.6.4
πŸ“¦
Cisco

Secure Access Control Server

= 3.0
πŸ“¦
Cisco

Secure Access Control Server

= 3.0.1

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=101787248913611&w=2
πŸ”— http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
πŸ”— http://www.iss.net/security_center/static/8742.php
πŸ”— http://www.osvdb.org/2062
πŸ”— http://www.securityfocus.com/bid/4416
πŸ”— http://marc.info/?l=bugtraq&m=101787248913611&w=2
πŸ”— http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
πŸ”— http://www.iss.net/security_center/static/8742.php

Related Vulnerabilities

CVE-2004-109910.0

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution ...

CVE-2006-409810.0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Sol...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2008-053210.0

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Contr...