CVE-2018-16158
CVE-2018-16158
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 34.9%KEV nãoPoC —Nuclei —Metasploit simPatch —
Lifecycle
18 Jul 2018Metasploit module available
30 Aug 2018Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
Affected products
n/a · n/a