CVE-2023-29066
Incorrect User Management
In short
FACSChorus software fails to properly restrict who can access and modify application data folders on the computer. This allows regular user accounts to change important application information that should only be editable by administrators.
Technical detail
The weakness is classified as CWE-266 (Incorrect Privilege Assignment) and concerns how privileges are assigned to operating system user accounts. Because the discretionary access control (DAC) settings on the application folders are insufficient, a local non-administrative OS user can modify the data stored there, potentially compromising application integrity without requiring elevated privileges.
Summary generated and translated by AI from the official description.
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
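An added example, not taken from BD or the official description: a PowerShell audit that lists folder ACEs granting write-type rights to principals other than SYSTEM, Administrators and TrustedInstaller, which is the DAC condition described above. The function name and the path in the usage comment are placeholders, since the description does not name the affected folders.

```powershell
# Added example. Function name and the path in the usage comment are placeholders.
function Get-NonAdminWritableAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
        [string[]]$TrustedSid = @(
            'S-1-5-18', 'S-1-5-32-544',
            'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Specific rights that change content or the ACL, plus GENERIC_WRITE (0x40000000)
    # and GENERIC_ALL (0x10000000), which can appear in inherit-only ACEs.
    $named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask = [int]$named -bor 0x50000000

    $folders = @(Get-Item -LiteralPath $Path -Force) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # unreadable ACL: skip this folder
        # Ask for SIDs so the check does not depend on localized group names.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow' -or $TrustedSid -contains $sid) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            $name = $sid
            try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { }   # orphaned SID: keep the raw SID as the name
            [pscustomobject]@{
                Folder    = $folder.FullName
                Principal = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}
# Usage (placeholder path):
#   Get-NonAdminWritableAce -Path 'C:\Path\To\ApplicationData' | Format-Table -AutoSize
```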
Affected products
Becton, Dickinson and Company (BD) · FACSChorus