CVE-2023-29063

{"id": "CVE-2023-29063", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "cybersecurity@bd.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}]}, "published": "2023-11-28T21:15:07.613", "references": [{"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software", "tags": ["Vendor Advisory"], "source": "cybersecurity@bd.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "cybersecurity@bd.com", "description": [{"lang": "en", "value": "CWE-1299"}]}], "descriptions": [{"lang": "en", "value": "The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup."}, {"lang": "es", "value": "La estaci\u00f3n de trabajo FACSChorus no impide el acceso f\u00edsico a sus ranuras PCI express (PCIe), lo que podr\u00eda permitir que un actor de amenazas inserte una tarjeta PCI dise\u00f1ada para la captura de memoria. Luego, un actor de amenazas puede aislar informaci\u00f3n confidencial, como una clave de cifrado BitLocker, de un volcado de la RAM de la estaci\u00f3n de trabajo durante el inicio."}], "lastModified": "2023-12-05T14:45:30.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1"}, {"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01"}, {"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@bd.com"}