← back
CVE-2018-16158

CVE-2018-16158

EPSS 34.9%
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 34.9%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
18 Jul 2018Metasploit module available
30 Aug 2018Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
Affected products
n/a · n/a