CVE-2002-0159

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server (ACS) for Windows versions 2.6.x and earlier Cisco Secure Access Control Server (ACS) for Windows versions 3.x through 3.01 (build 40)

Description The issue allows remote attackers to crash the CSADMIN module or execute arbitrary code via format strings in the URL to port 2002, resulting in a denial of service of the administration function.

Recommendations For versions 2.6.x and earlier, update to a version later than 2.6.x to resolve the issue. For versions 3.x through 3.01 (build 40), update to a version later than 3.01 (build 40) to resolve the issue. As a temporary workaround, consider restricting access to port 2002 to minimize the risk of exploitation.