CVE-2023-29065 MEDIUM

CVE-2023-29065: Overly Permissive Access Policy

Vendor Becton, Dickinson and Company (BD)
Product FACSChorus
Weakness CWE-277
Published November 28, 2023
Last update December 2, 2024

CVSS base score

4.1/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.

Key dates

02 Disclosure timeline

November 28, 2023 CVE published
December 2, 2024 Record updated