CVE-2023-29060
Lack of USB Whitelisting
In short
The FACSChorus workstation allows any USB device to connect without restrictions. An attacker with physical access could plug in a malicious USB device to steal system information or data from the computer.
Technical detail
The system lacks USB device whitelisting controls, allowing unauthorized USB peripherals to communicate with the workstation. An attacker with physical access can exploit this to enumerate system information and exfiltrate sensitive data via an arbitrary USB device.
Summary generated and translated by AI from the official description.
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Affected products
Becton, Dickinson and Company (BD) · FACSChorusWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →