var-200204-0024
Vulnerability from variot
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. ACS is the commercial access control server distributed and maintained by Cisco Systems. This problem affects CiscoSecure ACS on the Microsoft Windows platform. ACS does not properly handle user-supplied input, which makes it vulnerable to a format string attack that could allow the execution of arbitrary code. By sending a custom-crafted URL to port 2002 of a vulnerable server, it is possible to execute user-supplied code with the privileges of the ACS server. In other words, a flaw in the implementation of CiscoSecure ACS on the Microsoft Windows platform may let a remote attacker execute arbitrary commands on the host; the flaw is a format string vulnerability that is triggered when ACS processes user input.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200204-0024", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "secure access control server", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "2.6.4" }, { "model": "secure access control server", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "3.0.1" }, { "model": "secure access control server", 
"scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "2.6.2" }, { "model": "secure access control server", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "2.6" }, { "model": "secure access control server", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "2.6.3" }, { "model": "secure access control server", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "3.0" }, { "model": "secure acs for windows nt", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.0.1" }, { "model": "secure acs for windows nt", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.0" }, { "model": "secure acs for windows nt", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6.4" }, { "model": "secure acs for windows nt", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6.3" }, { "model": "secure acs for windows nt", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6.2" }, { "model": "secure acs for windows nt", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6" } ], "sources": [ { "db": "BID", "id": "4416" }, { "db": "NVD", "id": "CVE-2002-0159" }, { "db": "CNNVD", "id": "CNNVD-200204-040" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, 
{ "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2002-0159" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jonas Ldin\u203b jonas.landin@ixsecurity.com\u203bPatrik Karlsson\u203b Patrik.Karlsson@ixsecurity.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200204-040" } ], "trust": 0.6 }, "cve": "CVE-2002-0159", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-4553", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2002-0159", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200204-040", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-4553", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-4553" }, { "db": "NVD", "id": "CVE-2002-0159" }, { "db": "CNNVD", "id": "CNNVD-200204-040" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. ACS is the commercial access control server distributed and maintained by Cisco Systems. This problem affects CiscoSecure ACS on the Microsoft Windows platform. \nACS does not properly handle user-supplied input. ACS is vulnerable to a format string attack which could allow the execution of arbitrary code. By sending a custom-crafted URL to port 2002 of a vulnerable server, it is possible to execute user-supplied code with the privileges of the ACS server. There is a loophole in the implementation of CiscoSecure ACS software under the Microsoft Windows platform, and a remote attacker may use this loophole to execute arbitrary commands on the host. 
There is a formatting overflow vulnerability when ACS processes user input", "sources": [ { "db": "NVD", "id": "CVE-2002-0159" }, { "db": "BID", "id": "4416" }, { "db": "VULHUB", "id": "VHN-4553" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "4416", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2002-0159", "trust": 1.7 }, { "db": "OSVDB", "id": "2062", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-200204-040", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20020403 IXSECURITY.20020314.CSADMIN_FMT.A", "trust": 0.6 }, { "db": "CISCO", "id": "20020403 WEB INTERFACE VULNERABILITIES IN CISCO SECURE ACS FOR WINDOWS", "trust": 0.6 }, { "db": "XF", "id": "8742", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-4553", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-4553" }, { "db": "BID", "id": "4416" }, { "db": "NVD", "id": "CVE-2002-0159" }, { "db": "CNNVD", "id": "CNNVD-200204-040" } ] }, "id": "VAR-200204-0024", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-4553" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:33:16.437000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-134", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2002-0159" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/4416" }, { "trust": 1.7, "url": "http://www.cisco.com/warp/public/707/acs-win-web.shtml" }, { "trust": 1.7, "url": "http://www.osvdb.org/2062" }, { "trust": 1.7, "url": "http://www.iss.net/security_center/static/8742.php" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=101787248913611\u0026w=2" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101787248913611\u0026w=2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-4553" }, { "db": "NVD", "id": "CVE-2002-0159" }, { "db": "CNNVD", "id": "CNNVD-200204-040" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-4553" }, { "db": "BID", "id": "4416" }, { "db": "NVD", "id": "CVE-2002-0159" }, { "db": "CNNVD", "id": "CNNVD-200204-040" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-04-22T00:00:00", "db": "VULHUB", "id": "VHN-4553" }, { "date": "2002-04-03T00:00:00", "db": "BID", "id": "4416" }, { "date": "2002-04-22T04:00:00", "db": "NVD", "id": "CVE-2002-0159" }, { "date": "2002-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-200204-040" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-18T00:00:00", "db": "VULHUB", "id": "VHN-4553" }, { "date": "2002-04-03T00:00:00", "db": "BID", "id": "4416" }, { "date": "2016-10-18T02:16:39.237000", "db": "NVD", "id": "CVE-2002-0159" }, { "date": "2006-11-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200204-040" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200204-040" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CiscoSecure ACS For Windows Remote format string overflow vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200204-040" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "format string", "sources": [ { "db": "CNNVD", "id": "CNNVD-200204-040" } ], "trust": 0.6 } }