CVE-2002-0241

{"id": "CVE-2002-0241", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-05-29T04:00:00.000", "references": [{"url": "http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8106.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4048", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/8106.php", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/4048", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server."}, {"lang": "es", "value": "NDSAuth.DLL en Cisco Secure Authentication Control Server (ACS) 3.0.1 no comprueba el estado \"caducado\" o \"deshabilitado\" de los usuarios en el directorio de servicios Novell, lo cual permitir\u00eda a otros usuarios autentificarse en el servidor."}], "lastModified": "2024-11-20T23:38:38.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA889730-B2FF-4219-BBCA-A4364BA61EAF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}