Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
Fixes

Solution

Software patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location: https://www.medtronic.com/covidien/en-us/support/software.html Medtronic has released additional patient focused information, at the following location: https://www.medtronic.com/security


Workaround

No workaround given by the vendor.

History

Thu, 22 May 2025 19:15:00 +0000

Type Values Removed Values Added
Title Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-05-22T19:06:39.644Z

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13539

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-08T20:15:10.743

Modified: 2025-05-22T19:15:23.083

Link: CVE-2019-13539

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.