Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
Vulnerability Description
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可逆的单向哈希
Vulnerability Title
Medtronic Valleylab FT10 输入验证错误漏洞
Vulnerability Description
Medtronic Valleylab Exchange Client 3.4及之前版本、Valleylab FT10 Energy Platform (VLFT10GEN) 4.0.0及之前版本和Valleylab FX8 Energy Platform (VLFX8GEN) 1.1.0及之前版本中存在输入验证错误漏洞,该漏洞源于程序使用descrypt算法进行OS密码哈希处理。攻击者可借助特制请求利用该漏洞获取本地shell的访问权限并访问这些哈希值。
CVSS Information
N/A
Vulnerability Type
N/A