#VU22639 Reversible One-Way Hash


Published: 2019-11-11

Vulnerability identifier: #VU22639

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-13539

CWE-ID: N/A

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Valleylab FX8 Energy Platform
Hardware solutions / Other hardware appliances
Valleylab FT10 Energy Platform
Hardware solutions / Other hardware appliances
Valleylab Exchange Client
Client/Desktop applications / Other client software

Vendor: Medtronic

Description

The vulnerability allows a local user to bypass authentication on the target system.

The vulnerability exists because the affected products use the descrypt algorithm for OS password hashing. While interactive, network-based logins are disabled, a local user can use other vulnerabilities to obtain local shell access and access these hashes.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Valleylab FX8 Energy Platform: 1.1.0

Valleylab Exchange Client: 3.4

Valleylab FT10 Energy Platform: 4.0.0


External links
http://www.us-cert.gov/ics/advisories/icsma-19-311-02

