CVE-2003-0210
Description
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in the Cisco Secure ACS CSAdmin service on port 2002 allows remote, unauthenticated attackers to crash the service or possibly execute arbitrary code.
Vulnerability
Cisco Secure ACS for Windows before version 3.1.2 contains a buffer overflow in the web-based administration service (CSAdmin), which listens on TCP port 2002. The vulnerability is triggered when a long user parameter is sent in a login request to the service [1][2]. This affects all versions prior to 3.1.2 and has been assigned Cisco Bug ID CSCea51366 [2].
Exploitation
An attacker can exploit this vulnerability without authentication by sending a crafted HTTP request with an overly long user parameter to port 2002 of the ACS server. The buffer overflow occurs while the CSAdmin process is servicing the login request [2]. No special network position is required beyond reachability to the affected port.
Impact
Successful exploitation causes the CSAdmin service to hang, resulting in a denial of service. It may also allow arbitrary code execution with the privileges of the CSAdmin process, potentially leading to full remote compromise of the system [1][2].
Mitigation
Cisco released version 3.1.2, which includes a fix for this vulnerability, as of the advisory date (2003-04-23) [1]. Users should upgrade to Cisco Secure ACS version 3.1.2 or later. No workarounds are documented in the available references. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:cisco:secure_access_control_server:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:*:*:*:*:*:*
- Range: <3.1.2
Patches
No patches discovered yet.
References
- www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml (nvd; Patch, Vendor Advisory)
- www.kb.cert.org/vuls/id/697049 (nvd; US Government Resource)
- marc.info (nvd)
- marc.info (nvd)