CVE-2023-29066

Description

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.

CVSS breakdown

CVSS 3.1

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Affected products

Becton, Dickinson and Company (BD) / FACSChorus5.0 – 5.1

References

MISChttps://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software