CVE-2023-29060

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*
cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*
cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:56

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.7
v2 : unknown
v3 : 5.4
References () https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software - Mitigation, Vendor Advisory () https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software - Mitigation, Vendor Advisory

05 Dec 2023, 14:44

Type Values Removed Values Added
CPE cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*
cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*
cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*
cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*
cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*
cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*
cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*
cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*

04 Dec 2023, 19:20

Type Values Removed Values Added
CWE CWE-306
References () https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software - () https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software - Mitigation, Vendor Advisory
CPE cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*
cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*
cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.7

28 Nov 2023, 21:15

Type Values Removed Values Added
Summary The FACSChorusâ„¢ workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.

28 Nov 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-28 20:15

Updated : 2024-11-21 07:56


NVD link : CVE-2023-29060

Mitre link : CVE-2023-29060

CVE.ORG link : CVE-2023-29060


JSON object : View

Products Affected

bd

  • facschorus

hp

  • hp_z2_tower_g9
  • hp_z2_tower_g5
CWE
CWE-1299

Missing Protection Mechanism for Alternate Hardware Interface

CWE-306

Missing Authentication for Critical Function