Eaton UPS 9PX 8000 SP Devices Expose SNMP User Passwords
CVE-2018-9280

4.9MEDIUM

Key Information:

Vendor: Eaton
Status: 9px Ups Firmware
Vendor: CVE Published:; 24 October 2018

Summary

Eaton UPS 9PX 8000 SP devices exhibit a significant security flaw allowing unauthorized access to SNMP version 3 user passwords. The web interface of the device displays these passwords in cleartext, enabling an attacker to view confidential credentials simply by inspecting the source code of the web page. This vulnerability compromises the integrity of user accounts, exposing both read and write user passwords, and poses a serious risk to the security of sensitive operations relying on these devices.

References

https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2018
Vulnerability Reserved
Apr 4, 2018