CVE-2023-29061
Lack of Adequate BIOS Authentication
In short
The FACSChorus workstation has no BIOS password protection. Someone with physical access to the computer could change important system settings like boot order and security options.
Technical detail
CWE-306 vulnerability allowing unauthenticated BIOS access via physical local access. An attacker with direct hardware access can modify boot configurations and disable pre-boot authentication mechanisms, potentially enabling unauthorized system access or firmware tampering.
Summary generated and translated by AI from the official description.
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected products
Becton, Dickinson and Company (BD) · FACSChorusWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →