CyberSec.Space Logo
CVEブラウザに戻る

CVE-2002-0159

HIGH
7.5
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile41.60th
Published2002年4月22日
Last Modified2026年4月16日

Vulnerability Description

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Affected Platforms (CPE)

📦
Cisco

Secure Access Control Server

= 2.6
📦
Cisco

Secure Access Control Server

= 2.6.2
📦
Cisco

Secure Access Control Server

= 2.6.3
📦
Cisco

Secure Access Control Server

= 2.6.4
📦
Cisco

Secure Access Control Server

= 3.0
📦
Cisco

Secure Access Control Server

= 3.0.1

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=101787248913611&w=2
🔗 http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
🔗 http://www.iss.net/security_center/static/8742.php
🔗 http://www.osvdb.org/2062
🔗 http://www.securityfocus.com/bid/4416
🔗 http://marc.info/?l=bugtraq&m=101787248913611&w=2
🔗 http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
🔗 http://www.iss.net/security_center/static/8742.php

関連する脆弱性情報

CVE-2004-109910.0

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution ...

CVE-2006-409810.0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Sol...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2008-053210.0

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Contr...