| ID |
CVE-2013-4732
|
| Summary |
** DISPUTED ** The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-0:*:*:*:*:*:*:*
-
cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-1:*:*:*:*:*:*:*
-
cpe:2.3:h:monroe_electronics:r189_one-net_eas:*:*:*:*:*:*:*:*
-
cpe:2.3:h:digital_alert_systems:dasdec_eas:*:*:*:*:*:*:*:*
-
cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-0:*:*:*:*:*:*:*
-
cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-1:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 01-07-2013 - 04:00) |
| Impact: | 10.0 |
| Exploitability: | 10.0 |
|
| CWE |
CWE-255 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK | LOW | NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE | COMPLETE | COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
|
| Last major update |
01-07-2013 - 04:00 |
| Published |
30-06-2013 - 19:28 |
| Last modified |
01-07-2013 - 04:00 |