Vulnerability Description
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control Server | 2.6 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=101787248913611&w=2
- http://www.cisco.com/warp/public/707/ACS-Win-Web.shtmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8742.php
- http://www.osvdb.org/2062
- http://www.securityfocus.com/bid/4416
- http://marc.info/?l=bugtraq&m=101787248913611&w=2
- http://www.cisco.com/warp/public/707/ACS-Win-Web.shtmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8742.php
- http://www.osvdb.org/2062
- http://www.securityfocus.com/bid/4416
FAQ
What is CVE-2002-0159?
CVE-2002-0159 is a vulnerability with a CVSS score of 7.5 (HIGH). Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash ...
How severe is CVE-2002-0159?
CVE-2002-0159 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0159?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Access Control Server.