CVE-2023-29060 MEDIUM

CVE-2023-29060: Lack of USB Whitelisting

Vendor Becton, Dickinson And Company (Bd)
Product FACSChorus
Weakness CWE-1299
Published November 28, 2023
Last update June 3, 2025

CVSS base score

5.4/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.

Key dates

02Disclosure timeline

November 28, 2023 CVE published
June 3, 2025 Record updated