3.8

CVE-2023-29062

EPSS 0.09%
Veröffentlicht 28.11.2023 21:15:07
Zuletzt bearbeitet 21.11.2024 07:56:29
Quelle cybersecurity@bd.com
CVE-Watchlists
Login
Unerledigt
Login

The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bd ≫ Facschorus Version5.0

Hp ≫ Hp Z2 Tower G9 Version-

Bd ≫ Facschorus Version5.1

Hp ≫ Hp Z2 Tower G9 Version-

Bd ≫ Facschorus Version3.0

Hp ≫ Hp Z2 Tower G5 Version-

Bd ≫ Facschorus Version3.1

Hp ≫ Hp Z2 Tower G5 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.257

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.8	2.1	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
cybersecurity@bd.com	3.8	2.1	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-29062

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29062

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29062

EUVD