CVE-2013-4732

The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:digital_alert_systems:dasdec_eas:*:*:*:*:*:*:*:*
cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-0:*:*:*:*:*:*:*
cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-1:*:*:*:*:*:*:*
cpe:2.3:h:monroe_electronics:r189_one-net_eas:*:*:*:*:*:*:*:*
cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-0:*:*:*:*:*:*:*
cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:56

Type Values Removed Values Added
References () http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf - Vendor Advisory () http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf - Vendor Advisory
References () http://www.kb.cert.org/vuls/id/662676 - US Government Resource () http://www.kb.cert.org/vuls/id/662676 - US Government Resource
References () http://www.kb.cert.org/vuls/id/AAMN-98MU7H - US Government Resource () http://www.kb.cert.org/vuls/id/AAMN-98MU7H - US Government Resource
References () http://www.kb.cert.org/vuls/id/AAMN-98MUK2 - US Government Resource () http://www.kb.cert.org/vuls/id/AAMN-98MUK2 - US Government Resource
References () http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf - Vendor Advisory () http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf - Vendor Advisory

07 Nov 2023, 02:16

Type Values Removed Values Added
Summary ** DISPUTED ** The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding." The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.

Information

Published : 2013-06-30 19:28

Updated : 2024-11-21 01:56


NVD link : CVE-2013-4732

Mitre link : CVE-2013-4732

CVE.ORG link : CVE-2013-4732


JSON object : View

Products Affected

monroe_electronics

  • r189_one-net_eas

digital_alert_systems

  • dasdec_eas
CWE
CWE-255

Credentials Management Errors