Main Vulnerability Database Vulnerabilities #VU83572

Incorrect Privilege Assignment in FACSChorus - CVE-2023-29066

Published: November 29, 2023

Vulnerability identifier: #VU83572

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-29066

CWE-ID: CWE-266

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Becton, Dickinson and Company (BD)

Affected software:
FACSChorus

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected software does not properly assign data access privileges for operating system user accounts. An authenticated attacker with physical access can modify information stored in the local application data folders.

How to mitigate CVE-2023-29066

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-331-01

Incorrect Privilege Assignment in FACSChorus - CVE-2023-29066

Detailed vulnerability description

How to mitigate CVE-2023-29066

Sources

Please verify you're human