CVE-2023-29065
Overly Permissive Access Policy
In short
FACSChorus software allows direct access to its database using your login credentials. If someone gains physical access to your computer, they could steal these credentials and modify or delete important data in the database.
Technical detail
The FACSChorus database implements overly permissive access policies, permitting direct authentication using the logged-in user's privileges. An adversary with physical access can extract credentials and use them to read, modify, or delete database records without authorization; no additional authentication bypass is required.
Summary generated and translated by AI from the official description.
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
Becton, Dickinson and Company (BD) · FACSChorus