CVE-2002-0160

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server (ACS) for Windows versions 2.6.x and earlier Cisco Secure Access Control Server (ACS) for Windows versions 3.x through 3.01 (build 40)

Description The administration function in Cisco Secure Access Control Server (ACS) for Windows allows remote attackers to read files outside the web root via a modified .... in the URL to port 2002. This issue affects the ability to access HTML, Java class, and image files.

Recommendations For versions 2.6.x and earlier, update to a version later than 2.6.x to resolve the issue. For versions 3.x through 3.01 (build 40), update to a version later than 3.01 (build 40) to resolve the issue. As a temporary workaround, consider restricting access to port 2002 until a patch is available.