CVE-2002-0159

Current Description

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Basic Data

Published: April 22, 2002
Last Modified: October 18, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-134
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
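    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Cisco | Secure Access Control Server | 2.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cisco | Secure Access Control Server | 2.6.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cisco | Secure Access Control Server | 2.6.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cisco | Secure Access Control Server | 2.6.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cisco | Secure Access Control Server | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cisco | Secure Access Control Server | 3.0.1 | * | * | * | * | * | * | * | | | | |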

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control Server | 2.6, 2.6.2, 2.6.3, 2.6.4, 3.0, 3.0.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20020403 iXsecurity.20020314.csadmin_fmt.a | BUGTRAQ | http://marc.info/?l=bugtraq&m=101787248913611&w=2 | |
| 20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows | CISCO | http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml | Patch Vendor Advisory |
| ciscosecure-acs-format-string(8742) | XF | http://www.iss.net/security_center/static/8742.php | |
| 2062 | OSVDB | http://www.osvdb.org/2062 | |
| 4416 | BID | http://www.securityfocus.com/bid/4416 | |