Vulnerabilities > CVE-2013-4732 - Credentials Management vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
digital-alert-systems
monroe-electronics
CWE-255
NVD
Published: 2013-06-30
Updated: 2024-04-11

Summary

The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.

Vulnerable Configurations

Part Description Count
Hardware
Digital_Alert_Systems
3
Hardware
Monroe_Electronics
3

Common Weakness Enumeration (CWE)

References