CVE-2002-0159

CVE Database · CVE-2002-0159

CVE-2002-0159

· N/AModified

CVSS v3.1

N/A

EPSS

5.44%

Published

Apr 22, 2002

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Weaknesses (CWE)

CWE-134

Affected Products (6)

cisco · secure_access_control_servervulnerable

References (10)

http://marc.info/?l=bugtraq&m=101787248913611&w=2

http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

PatchVendor Advisory

http://www.iss.net/security_center/static/8742.php

http://www.osvdb.org/2062

http://www.securityfocus.com/bid/4416