CVE-2023-29061

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.2 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
BDCNA
5.2 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
bdfacschorus
5.0
bdfacschorus
5.1
bdfacschorus
3.0
bdfacschorus
3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software