Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2002-0159
Last Modified 10 Feb 2011 12:00:00
Published 22 Apr 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0159

Summary

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Vulnerable Systems

Application

  • Cisco Secure Access Control Server 2.6

  • Cisco Secure Access Control Server 2.6.2

  • Cisco Secure Access Control Server 2.6.3

  • Cisco Secure Access Control Server 2.6.4

  • Cisco Secure Access Control Server 3.0

  • Cisco Secure Access Control Server 3.0.1


References

CISCO - 20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows

BUGTRAQ - 20020403 iXsecurity.20020314.csadmin_fmt.a

BID - 4416

OSVDB - 2062

XF - ciscosecure-acs-format-string(8742)


Last Updated: 27 May 2016 10:36:48