Lucene search

BDCVELIST:CVE-2023-29065

HistoryNov 28, 2023 - 8:35 p.m.

CVE-2023-29065 Overly Permissive Access Policy

2023-11-2820:35:59

CWE-277

www.cve.org

cve-2023-29065

overly permissive access policy

facschorus software

unauthorized access

data manipulation

database security

4.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "64 bit"
    ],
    "product": "FACSChorus",
    "vendor": "Becton, Dickinson and Company (BD)",
    "versions": [
      {
        "lessThanOrEqual": "5.1",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software