Lucene search

BDCVELIST:CVE-2023-29061

HistoryNov 28, 2023 - 8:33 p.m.

CVE-2023-29061 Lack of Adequate BIOS Authentication

2023-11-2820:33:44

CWE-306

www.cve.org

cve-2023-29061

bios authentication

facschorus workstation

unauthorized access

CVSS3

5.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

5.5

Confidence

High

EPSS

Percentile

12.7%

JSON

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "64 bit"
    ],
    "product": "FACSChorus",
    "vendor": "Becton, Dickinson and Company (BD)",
    "versions": [
      {
        "lessThanOrEqual": "5.1",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.1",
        "status": "affected",
        "version": "3.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software

CVSS3

5.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

5.5

Confidence

High

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2023-29061