CVE-2013-4732
Last modified
CVE-2013-4732 is a vulnerability of currently unknown severity. The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.. EPSS estimates a 3.04% chance of exploitation in the next 30 days.
Description
The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Digital Alert Systems | Dasdec Eas | <= 2.0-2 |
| Digital Alert Systems | Dasdec Eas | 2.0-0 |
| Digital Alert Systems | Dasdec Eas | 2.0-1 |
| Monroe Electronics | R189 One-Net Eas | <= 2.0-2 |
| Monroe Electronics | R189 One-Net Eas | 2.0-0 |
| Monroe Electronics | R189 One-Net Eas | 2.0-1 |
References
- http://www.kb.cert.org/vuls/id/662676US Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-98MU7HUS Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-98MUK2US Government Resource
- http://www.kb.cert.org/vuls/id/662676US Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-98MU7HUS Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-98MUK2US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-4732?
How severe is CVE-2013-4732?
How do I fix CVE-2013-4732?
Are you affected by CVE-2013-4732?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST