CVE

CVE-2002-0159
Date: (C)2002-04-22   (M)2018-02-19


Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:
http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
http://marc.info/?l=bugtraq&m=101787248913611&w=2
OSVDB-2062
BID-4416
ciscosecure-acs-format-string(8742)

CPE    6
cpe:/a:cisco:secure_access_control_server:3.0.1
cpe:/a:cisco:secure_access_control_server:2.6.3
cpe:/a:cisco:secure_access_control_server:2.6
cpe:/a:cisco:secure_access_control_server:2.6.4
...
CWE    1
CWE-134

© SecPod Technologies