An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage.
References
Link | Resource |
---|---|
https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-24T21:00:00
Updated: 2018-10-24T20:57:01
Reserved: 2018-04-04T00:00:00
Link: CVE-2018-9280
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-24T21:29:01.593
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-9280
JSON object: View
Redhat Information
No data.
CWE