Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsma-19-311-02 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2019-11-08T19:07:59
Updated: 2019-11-08T19:07:59
Reserved: 2019-07-11T00:00:00
Link: CVE-2019-13539
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-08T20:15:10.743
Modified: 2020-10-09T13:11:28.173
Link: CVE-2019-13539
JSON object: View
Redhat Information
No data.