7.5

CVE-2002-0159

EPSS 2.34%
Veröffentlicht 22.04.2002 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN  module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Secure Access Control Server Version2.6

Cisco ≫ Secure Access Control Server Version2.6.2

Cisco ≫ Secure Access Control Server Version2.6.3

Cisco ≫ Secure Access Control Server Version2.6.4

Cisco ≫ Secure Access Control Server Version3.0

Cisco ≫ Secure Access Control Server Version3.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.34%	0.834

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://marc.info/?l=bugtraq&m=101787248913611&w=2

http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

Patch

Vendor Advisory

http://www.iss.net/security_center/static/8742.php

http://www.osvdb.org/2062

http://www.securityfocus.com/bid/4416

https://nvd.nist.gov/vuln/detail/CVE-2002-0159

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-0159

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-0159

EUVD