ID

VAR-200210-0161


CVE

CVE-2002-0938


TITLE

Cisco Secure ACS Cross-site Scripting Vulnerability

Trust: 0.9

sources: BID: 5026 // CNNVD: CNNVD-200210-112

DESCRIPTION

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. Cisco Secure ACS is an access control and accounting server system distributed and maintained by Cisco; this vulnerability affects implementations on the Microsoft Windows NT platform. The setup.exe program does not correctly validate the data a user submits in the "action" parameter, so an attacker can submit data containing malicious script code in that parameter. When a user visits such a link, the attacker-supplied HTML or script code could be executed in that user's browser, provided the user has authenticated to the Secure ACS server.

Trust: 1.26

sources: NVD: CVE-2002-0938 // BID: 5026 // VULHUB: VHN-5327

AFFECTED PRODUCTS

vendor: cisco, model: secure access control server, scope: eq, version: 3.0

Trust: 1.6

vendor: cisco, model: secure access control server, scope: eq, version: 3.0.1

Trust: 1.6

vendor: cisco, model: secure acs for windows nt, scope: eq, version: 3.0.1

Trust: 0.3

vendor: cisco, model: secure acs for windows nt, scope: eq, version: 3.0

Trust: 0.3

sources: BID: 5026 // CNNVD: CNNVD-200210-112 // NVD: CVE-2002-0938

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0938
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200210-112
value: HIGH

Trust: 0.6

VULHUB: VHN-5327
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-0938
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5327
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5327 // CNNVD: CNNVD-200210-112 // NVD: CVE-2002-0938

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0938

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-112

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200210-112

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5327

EXTERNAL IDS

db: BID, id: 5026

Trust: 2.0

db: NVD, id: CVE-2002-0938

Trust: 1.7

db: CNNVD, id: CNNVD-200210-112

Trust: 0.7

db: BUGTRAQ, id: 20020614 XSS IN CISCOSECURE ACS V3.0

Trust: 0.6

db: BUGTRAQ, id: 20020621 RE: XSS IN CISCOSECURE ACS V3.0

Trust: 0.6

db: XF, id: 9353

Trust: 0.6

db: EXPLOIT-DB, id: 21555

Trust: 0.1

db: SEEBUG, id: SSVID-75380

Trust: 0.1

db: VULHUB, id: VHN-5327

Trust: 0.1

sources: VULHUB: VHN-5327 // BID: 5026 // CNNVD: CNNVD-200210-112 // NVD: CVE-2002-0938

REFERENCES

url:http://www.securityfocus.com/bid/5026

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html

Trust: 1.7

url:http://online.securityfocus.com/archive/1/278222

Trust: 1.7

url:http://www.iss.net/security_center/static/9353.php

Trust: 1.7

sources: VULHUB: VHN-5327 // CNNVD: CNNVD-200210-112 // NVD: CVE-2002-0938

CREDITS

Fort <fort@linuxmail.org>

Trust: 0.6

sources: CNNVD: CNNVD-200210-112

SOURCES

db: VULHUB, id: VHN-5327
db: BID, id: 5026
db: CNNVD, id: CNNVD-200210-112
db: NVD, id: CVE-2002-0938

LAST UPDATE DATE

2024-08-14T14:42:24.464000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-5327, date: 2008-09-05T00:00:00
db: BID, id: 5026, date: 2002-06-14T00:00:00
db: CNNVD, id: CNNVD-200210-112, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2002-0938, date: 2008-09-05T20:29:20.897

SOURCES RELEASE DATE

db: VULHUB, id: VHN-5327, date: 2002-10-04T00:00:00
db: BID, id: 5026, date: 2002-06-14T00:00:00
db: CNNVD, id: CNNVD-200210-112, date: 2002-06-14T00:00:00
db: NVD, id: CVE-2002-0938, date: 2002-10-04T04:00:00