Unrated severityNVD Advisory· Published Apr 22, 2002· Updated Jun 16, 2026

CVE-2002-0160

Description

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Cisco Systems, Inc./Secure Access Control Server7 versions
cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*
- (no CPE)range: 2.6.x and earlier, 3.x through 3.01 (build 40)

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.cisco.com/warp/public/707/ACS-Win-Web.shtmlnvdPatchVendor Advisory
marc.infonvd
www.osvdb.org/5352nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000