返回 CVE 瀏覽器

CVE-2002-0159

HIGH

7.5

CVSS Severity Score

EPSS Score0.1790%

EPSS Percentile41.60th

Published2002年4月22日

Last Modified2026年4月16日

Vulnerability Description

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Affected Platforms (CPE)

📦

Cisco

Secure Access Control Server

= 2.6

📦

Cisco

Secure Access Control Server

= 2.6.2

📦

Cisco

Secure Access Control Server

= 2.6.3

📦

Cisco

Secure Access Control Server

= 2.6.4

📦

Cisco

Secure Access Control Server

= 3.0

📦

Cisco

Secure Access Control Server

= 3.0.1

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=101787248913611&w=2

🔗 http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

🔗 http://www.iss.net/security_center/static/8742.php

🔗 http://www.osvdb.org/2062

🔗 http://www.securityfocus.com/bid/4416

🔗 http://marc.info/?l=bugtraq&m=101787248913611&w=2

🔗 http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

🔗 http://www.iss.net/security_center/static/8742.php

相關漏洞威脅

CVE-2004-109910.0

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution ...

CVE-2006-409810.0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Sol...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2008-053210.0

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Contr...

CVE-2002-0159 Detail & Impact Analysis | CVSS 7.5 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space