Missing Authentication for Critical Function in FACSChorus - CVE-2023-29061
Published: November 29, 2023
Vulnerability identifier: #VU83567
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-29061
CWE-ID: CWE-306
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Becton, Dickinson and Company (BD)
Affected software: FACSChorus
Detailed vulnerability description
The vulnerability allows a local attacker to bypass the authentication process.
The vulnerability exists due to a missing BIOS password. An attacker with physical access can enter the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
How to mitigate CVE-2023-29061
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.