CVE-2023-29065

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.1 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
BDCNA
4.1 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
bdfacschorus
5.0
bdfacschorus
5.1
bdfacschorus
3.0
bdfacschorus
3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software