Description
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
References
- Vendor Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Vendor Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 13.4.0.10 (excluding)
In combination
cpe:2.3:o:eaton:power_xpert_meter_4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:eaton:power_xpert_meter_4000:-:*:*:*:*:*:*:*
Configuration 2: versions before 13.4.0.10 (excluding)
In combination
cpe:2.3:o:eaton:power_xpert_meter_6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:eaton:power_xpert_meter_6000:-:*:*:*:*:*:*:*
Configuration 3: versions before 13.4.0.10 (excluding)
In combination
cpe:2.3:o:eaton:power_xpert_meter_8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:eaton:power_xpert_meter_8000:-:*:*:*:*:*:*:*
EPSS
Percentile: 99%
0.70807
High
9.8 Critical
CVSS3
10 Critical
CVSS2
Weaknesses
CWE-798
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.