CVE-2002-0159
Cisco Secure Access Control Server <=3.01 (build 40) - Remote Code Execution via Format String
Title source: llmDescription
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/2062
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8742.php
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4416
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101787248913611&w=2
Scores
EPSS
0.0544
EPSS Percentile
91.7%
Details
CWE
CWE-134
Status
published
Products (6)
cisco/secure_access_control_server
2.6
cisco/secure_access_control_server
2.6.2
cisco/secure_access_control_server
2.6.3
cisco/secure_access_control_server
2.6.4
cisco/secure_access_control_server
3.0
cisco/secure_access_control_server
3.0.1
Published
Apr 22, 2002
Tracked Since
Feb 18, 2026