CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |

AI Score

Confidence: Low

EPSS

Percentile: 84.6%

The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding."

Vendor | Product | Version | CPE |
---|---|---|---|
digital_alert_systems | dasdec_eas | * | cpe:2.3:h:digital_alert_systems:dasdec_eas:*:*:*:*:*:*:*:* |
digital_alert_systems | dasdec_eas | 2.0-0 | cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-0:*:*:*:*:*:*:* |
digital_alert_systems | dasdec_eas | 2.0-1 | cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-1:*:*:*:*:*:*:* |
monroe_electronics | r189_one-net_eas | * | cpe:2.3:h:monroe_electronics:r189_one-net_eas:*:*:*:*:*:*:*:* |
monroe_electronics | r189_one-net_eas | 2.0-0 | cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-0:*:*:*:*:*:*:* |
monroe_electronics | r189_one-net_eas | 2.0-1 | cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-1:*:*:*:*:*:*:* |