CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-4732

The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.0%

CVSS Severity

CVSS v2 Score 10.0

References

Products affected by CVE-2013-4732

Digital Alert Systems » Dasdec Eas » Version: Any

cpe:2.3:h:digital_alert_systems:dasdec_eas:*
Digital Alert Systems » Dasdec Eas » Version: 2.0-0

cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-0
Digital Alert Systems » Dasdec Eas » Version: 2.0-1

cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-1
Monroe Electronics » R189 One-Net Eas » Version: Any

cpe:2.3:h:monroe_electronics:r189_one-net_eas:*
Monroe Electronics » R189 One-Net Eas » Version: 2.0-0

cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-0
Monroe Electronics » R189 One-Net Eas » Version: 2.0-1

cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-4732

Products

Pricing

Contact Us