CVE-2002-0159

high

Cisco

CVSS v3 Base Score

7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

2.3%

Exploitation probability in 30 days

Top 15% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: April 22, 2002 (8788 days ago)

Last Modified: April 16, 2026

Vendor: Cisco

Source: NVD

Description

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

CWE

CWE-134

Affected Products

cisco secure access control server

References

🔗 marc.info 🔗 www.cisco.com 🔗 www.iss.net 🔗 www.osvdb.org 🔗 www.securityfocus.com

CVE-2002-0159

Vulnerability Report

Description

CWE

Affected Products

References