CVE-2023-29061 — MEDIUM (5.2)

Vulnerability Description

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.

CVSS Score

5.2

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bd	Facschorus	5.0
Hp	Hp Z2 Tower G9	-
Hp	Hp Z2 Tower G5	-

Related Weaknesses (CWE)

CWE-306

References

https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-softwareVendor Advisory
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-softwareVendor Advisory

FAQ

What is CVE-2023-29061?

CVE-2023-29061 is a vulnerability with a CVSS score of 5.2 (MEDIUM). There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify t...

How severe is CVE-2023-29061?

CVE-2023-29061 has been rated MEDIUM with a CVSS base score of 5.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-29061?

Check the references section above for vendor advisories and patch information. Affected products include: Bd Facschorus, Hp Hp Z2 Tower G9, Hp Hp Z2 Tower G5.