Vulnerability Description
The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digital Alert Systems | Dasdec Eas | <= 2.0-2 |
| Monroe Electronics | R189 One-Net Eas | <= 2.0-2 |
Related Weaknesses (CWE)
References
- http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdfVendor Advisory
- http://www.kb.cert.org/vuls/id/662676US Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-98MU7HUS Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-98MUK2US Government Resource
- http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-Vendor Advisory
- http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdfVendor Advisory
- http://www.kb.cert.org/vuls/id/662676US Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-98MU7HUS Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-98MUK2US Government Resource
- http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-Vendor Advisory
FAQ
What is CVE-2013-4732?
CVE-2013-4732 is a vulnerability with a CVSS score of 10.0 (HIGH). The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which ma...
How severe is CVE-2013-4732?
CVE-2013-4732 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4732?
Check the references section above for vendor advisories and patch information. Affected products include: Digital Alert Systems Dasdec Eas, Monroe Electronics R189 One-Net Eas.