Details of VAR-200204-0024

ID

VAR-200204-0024

CVE

CVE-2002-0159

TITLE

CiscoSecure ACS For Windows Remote format string overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200204-040

DESCRIPTION

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. ACS is the commercial access control server distributed and maintained by Cisco Systems. This problem affects CiscoSecure ACS on the Microsoft Windows platform. ACS does not properly handle user-supplied input. ACS is vulnerable to a format string attack which could allow the execution of arbitrary code. By sending a custom-crafted URL to port 2002 of a vulnerable server, it is possible to execute user-supplied code with the privileges of the ACS server. There is a loophole in the implementation of CiscoSecure ACS software under the Microsoft Windows platform, and a remote attacker may use this loophole to execute arbitrary commands on the host. There is a formatting overflow vulnerability when ACS processes user input

Trust: 1.26

sources: NVD: CVE-2002-0159 // BID: 4416 // VULHUB: VHN-4553

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.6.4	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.0.1	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.6.3	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.6	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.6.2	Trust: 1.6
vendor:	cisco	model:	secure acs for windows nt	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	cisco	model:	secure acs for windows nt	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	secure acs for windows nt	scope:	eq	version:	2.6.4	Trust: 0.3
vendor:	cisco	model:	secure acs for windows nt	scope:	eq	version:	2.6.3	Trust: 0.3
vendor:	cisco	model:	secure acs for windows nt	scope:	eq	version:	2.6.2	Trust: 0.3
vendor:	cisco	model:	secure acs for windows nt	scope:	eq	version:	2.6	Trust: 0.3

sources: BID: 4416 // CNNVD: CNNVD-200204-040 // NVD: CVE-2002-0159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0159
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200204-040
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4553
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-0159
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4553
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4553 // CNNVD: CNNVD-200204-040 // NVD: CVE-2002-0159

PROBLEMTYPE DATA

problemtype:

CWE-134

Trust: 1.0

sources: NVD: CVE-2002-0159

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200204-040

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200204-040

EXTERNAL IDS

db:	BID	id:	4416	Trust: 2.0
db:	NVD	id:	CVE-2002-0159	Trust: 1.7
db:	OSVDB	id:	2062	Trust: 1.7
db:	CNNVD	id:	CNNVD-200204-040	Trust: 0.7
db:	BUGTRAQ	id:	20020403 IXSECURITY.20020314.CSADMIN_FMT.A	Trust: 0.6
db:	CISCO	id:	20020403 WEB INTERFACE VULNERABILITIES IN CISCO SECURE ACS FOR WINDOWS	Trust: 0.6
db:	XF	id:	8742	Trust: 0.6
db:	VULHUB	id:	VHN-4553	Trust: 0.1

sources: VULHUB: VHN-4553 // BID: 4416 // CNNVD: CNNVD-200204-040 // NVD: CVE-2002-0159

REFERENCES

url:	http://www.securityfocus.com/bid/4416	Trust: 2.7
url:	http://www.cisco.com/warp/public/707/acs-win-web.shtml	Trust: 2.7
url:	http://www.osvdb.org/2062	Trust: 2.7
url:	http://www.iss.net/security_center/static/8742.php	Trust: 2.7
url:	http://marc.info/?l=bugtraq&m=101787248913611&w=2	Trust: 2.1
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=101787248913611&w=2	Trust: 0.6

sources: VULHUB: VHN-4553 // CNNVD: CNNVD-200204-040 // NVD: CVE-2002-0159

CREDITS

Jonas Ldin※ jonas.landin@ixsecurity.com※Patrik Karlsson※ Patrik.Karlsson@ixsecurity.com

Trust: 0.6

sources: CNNVD: CNNVD-200204-040

SOURCES

db:	VULHUB	id:	VHN-4553
db:	BID	id:	4416
db:	CNNVD	id:	CNNVD-200204-040
db:	NVD	id:	CVE-2002-0159

LAST UPDATE DATE

2024-11-22T23:03:17.225000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4553	date:	2016-10-18T00:00:00
db:	BID	id:	4416	date:	2002-04-03T00:00:00
db:	CNNVD	id:	CNNVD-200204-040	date:	2006-11-07T00:00:00
db:	NVD	id:	CVE-2002-0159	date:	2024-11-20T23:38:26.937

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4553	date:	2002-04-22T00:00:00
db:	BID	id:	4416	date:	2002-04-03T00:00:00
db:	CNNVD	id:	CNNVD-200204-040	date:	2002-04-22T00:00:00
db:	NVD	id:	CVE-2002-0159	date:	2002-04-22T04:00:00