ID CVE-2003-0210
Summary Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
References
Vulnerable Configurations
  • Cisco Secure Access Control Server (ACS) 2.1 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:2.1
  • Cisco Secure Access Control Server (ACS) 2.3 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:2.3
  • Cisco Secure Access Control Server (ACS) 2.4 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:2.4
  • Cisco Secure Access Control Server (ACS) 2.5 for Windows NT
    cpe:2.3:a:cisco:secure_access_control_server:2.5
  • Cisco Secure Access Control Server (ACS) 2.6 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:2.6
  • Cisco Secure Access Control Server (ACS) 2.6.2 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:2.6.2
  • Cisco Secure Access Control Server (ACS) 2.6.3 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:2.6.3
  • Cisco Secure Access Control Server (ACS) 2.6.4 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:2.6.4
  • Cisco Secure Access Control Server (ACS) 3.0 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:3.0
  • Cisco Secure Access Control Server (ACS) 3.0.1 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:3.0.1
  • Cisco Secure Access Control Server (ACS) 3.0.3 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:3.0.3
  • Cisco Secure Access Control Server (ACS) 3.1.1 for Windows
    cpe:2.3:a:cisco:secure_access_control_server:3.1.1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
NASL family Web Servers
NASL id CISCO_ACS_WEB_OVERFLOW.NASL
description The remote web server crashed when the 'login.exe' CGI received a too long query string. This leads to a denial of service or even execution of arbitrary code. Some versions of Cisco Secure ACS web server are known to be vulnerable to this flaw.
last seen 2019-02-21
modified 2018-07-06
plugin id 11556
published 2003-04-30
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11556
title CiscoSecure ACS for Windows CSAdmin Login Overflow DoS
refmap via4
bugtraq 20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
cert-vn VU#697049
cisco 20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability
ntbugtraq 20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
Last major update 17-10-2016 - 22:30
Published 12-05-2003 - 00:00