CVE-2002-0241

4 documents4 sources

Severity

7.5HIGH

EPSS

0.2%

top 59.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Access Control Server

Timeline

PublishedMay 29

Latest updateApr 30

Description

NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/secure_access_control_server3.0.1

Patches

Patch: www.cisco.com ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fc5v-r7j2-4w95: NDSAuth↗2022-04-30

▶

CVEList

CVE-2002-0241: NDSAuth↗2003-04-02

▶

📋Vendor Advisories

Cisco

Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability↗2002-02-07

▶