CVE-2023-29065
Overly Permissive Access Policy
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
Se puede acceder directamente a la base de datos del software FACSChorus con los privilegios del usuario actualmente conectado. Un actor de amenazas con acceso físico podría obtener credenciales, que podrían usarse para alterar o destruir datos almacenados en la base de datos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-30 CVE Reserved
- 2023-11-28 CVE Published
- 2024-12-02 CVE Updated
- 2025-04-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-277: Insecure Inherited Permissions
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | 2023-12-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bd Search vendor "Bd" | Facschorus Search vendor "Bd" for product "Facschorus" | 5.0 Search vendor "Bd" for product "Facschorus" and version "5.0" | - |
Affected
| in | Hp Search vendor "Hp" | Hp Z2 Tower G9 Search vendor "Hp" for product "Hp Z2 Tower G9" | - | - |
Safe
|
| Bd Search vendor "Bd" | Facschorus Search vendor "Bd" for product "Facschorus" | 5.1 Search vendor "Bd" for product "Facschorus" and version "5.1" | - |
Affected
| in | Hp Search vendor "Hp" | Hp Z2 Tower G9 Search vendor "Hp" for product "Hp Z2 Tower G9" | - | - |
Safe
|
| Bd Search vendor "Bd" | Facschorus Search vendor "Bd" for product "Facschorus" | 3.0 Search vendor "Bd" for product "Facschorus" and version "3.0" | - |
Affected
| in | Hp Search vendor "Hp" | Hp Z2 Tower G5 Search vendor "Hp" for product "Hp Z2 Tower G5" | - | - |
Safe
|
| Bd Search vendor "Bd" | Facschorus Search vendor "Bd" for product "Facschorus" | 3.1 Search vendor "Bd" for product "Facschorus" and version "3.1" | - |
Affected
| in | Hp Search vendor "Hp" | Hp Z2 Tower G5 Search vendor "Hp" for product "Hp Z2 Tower G5" | - | - |
Safe
|