CVE-2019-13539
Summary
| CVE | CVE-2019-13539 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-08 20:15:00 UTC |
| Updated | 2020-10-09 13:11:00 UTC |
| Description | Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. |
Risk And Classification
Problem Types: CWE-326
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Medtronic | Valleylab Exchange Client | All | All | All | All |
| Hardware | Medtronic | Valleylab Ft10 Energy Platform | - | All | All | All |
| Hardware | Medtronic | Valleylab Ft10 Energy Platform | - | All | All | All |
| Operating System | Medtronic | Valleylab Ft10 Energy Platform Firmware | All | All | All | All |
| Hardware | Medtronic | Valleylab Fx8 Energy Platform | - | All | All | All |
| Hardware | Medtronic | Valleylab Fx8 Energy Platform | - | All | All | All |
| Operating System | Medtronic | Valleylab Fx8 Energy Platform Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Medtronic Valleylab FT10 and FX8 | CISA | MISC | www.us-cert.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.