CVE-2002-0159

critical

Description

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

References

http://www.securityfocus.com/bid/4416

http://www.osvdb.org/2062

http://www.iss.net/security_center/static/8742.php

http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

http://marc.info/?l=bugtraq&m=101787248913611&w=2

Details

Source: Mitre, NVD

Published: 2002-04-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02343