Lucene search

BDCVELIST:CVE-2023-29060

HistoryNov 28, 2023 - 8:07 p.m.

CVE-2023-29060 Lack of USB Whitelisting

2023-11-2820:07:00

CWE-1299

www.cve.org

cve-2023-29060

usb whitelisting

facschorus

workstation

data exfiltration

5.4 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "64 bit"
    ],
    "product": "FACSChorus",
    "vendor": "Becton, Dickinson and Company (BD)",
    "versions": [
      {
        "lessThanOrEqual": "5.1",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.1",
        "status": "affected",
        "version": "3.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software