Unrated severityNVD Advisory· Published Apr 22, 2002· Updated Apr 16, 2026

CVE-2002-0159

Description

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Affected products

Cisco Systems, Inc./Secure Access Control Server6 versions
cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisco.com/warp/public/707/ACS-Win-Web.shtmlnvdPatchVendor Advisory
marc.infonvd
www.iss.net/security_center/static/8742.phpnvd
www.osvdb.org/2062nvd
www.securityfocus.com/bid/4416nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000