Missing Protection Mechanism for Alternate Hardware Interface in FACSChorus - CVE-2023-29063

 


Published: November 29, 2023


Vulnerability identifier: #VU83569
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-29063
CWE-ID: CWE-1299
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Becton, Dickinson and Company (BD)
Affected software: FACSChorus

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists because the workstation does not prevent physical access to its PCI Express (PCIe) slots. An attacker with physical access can insert a PCI card designed for memory capture and isolate sensitive information, such as a BitLocker encryption key, from a dump of the workstation RAM during startup.


How to mitigate CVE-2023-29063

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
