CVE-2023-29060 — MEDIUM (5.4)

Vulnerability Description

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bd	Facschorus	5.0
Hp	Hp Z2 Tower G9	-
Hp	Hp Z2 Tower G5	-

Related Weaknesses (CWE)

CWE-306 CWE-1299

References

https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-softwareMitigationVendor Advisory
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-softwareMitigationVendor Advisory

FAQ

What is CVE-2023-29060?

CVE-2023-29060 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to sy...

How severe is CVE-2023-29060?

CVE-2023-29060 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-29060?

Check the references section above for vendor advisories and patch information. Affected products include: Bd Facschorus, Hp Hp Z2 Tower G9, Hp Hp Z2 Tower G5.