CVE-2019-13539

Name of the Vulnerable Software and Affected Versions Medtronic Valleylab Exchange Client versions 3.4 and below Valleylab FT10 Energy Platform (VLFT10GEN) software versions 4.0.0 and below Valleylab FX8 Energy Platform (VLFX8GEN) software versions 1.1.0 and below

Description The issue concerns the use of the descrypt algorithm for OS password hashing in the affected software. Although interactive, network-based logons are disabled, attackers can potentially exploit other vulnerabilities to obtain local shell access and access these hashes.

Recommendations For Medtronic Valleylab Exchange Client versions 3.4 and below, update to a version above 3.4 to resolve the issue. For Valleylab FT10 Energy Platform (VLFT10GEN) software versions 4.0.0 and below, update to a version above 4.0.0 to resolve the issue. For Valleylab FX8 Energy Platform (VLFX8GEN) software versions 1.1.0 and below, update to a version above 1.1.0 to resolve the issue.