Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4732

Опубликовано: 30 июн. 2013
Источник: nvd
CVSS2: 10
EPSS Низкий

Описание

The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:digital_alert_systems:dasdec_eas:*:*:*:*:*:*:*:*
Версия до 2.0-2 (включая)
cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-0:*:*:*:*:*:*:*
cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-1:*:*:*:*:*:*:*
cpe:2.3:h:monroe_electronics:r189_one-net_eas:*:*:*:*:*:*:*:*
Версия до 2.0-2 (включая)
cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-0:*:*:*:*:*:*:*
cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-1:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.02784
Низкий

10 Critical

CVSS2

Дефекты

CWE-255

Связанные уязвимости

github логотип

GHSA-4fq8-gf9c-7p2w

github
больше 3 лет назад

** DISPUTED ** The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding."

EPSS

Процентиль: 86%
0.02784
Низкий

10 Critical

CVSS2

Дефекты

CWE-255