PT-2002-1947 · Cisco · Cisco Secure Acs

Published

2002-10-04

Updated

2008-09-05

CVE-2002-0938

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: CiscoSecure ACS version 3.0

Description: A cross-site scripting issue allows remote attackers to execute arbitrary script or HTML as other web users. This is achieved via the action argument in a link to "setup.exe".

Recommendations: For CiscoSecure ACS version 3.0, consider disabling access to the setup.exe link until a patch is available. Restrict access to the action argument in links to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0938

Affected Products

Cisco Secure Acs

PT-2002-1947 · Cisco · Cisco Secure Acs

CVE-2002-0938

Related Identifiers

Affected Products

References · 6