CVE-2023-29062

Severity CVSS v4.0:

Pending analysis

Type:

CWE-287 Authentication Issues

Publication date:

28/11/2023

Last modified:

05/12/2023

Description

The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 3.80 LOW
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): None
Availability (A): None

Base Score 3.x

3.80

Severity 3.x

LOW

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:bd:facschorus:5.0:::::::*
cpe:2.3:a:bd:facschorus:5.1:::::::*
cpe:2.3:h:hp:hp_z2_tower_g9:-:::::::*
cpe:2.3:a:bd:facschorus:3.0:::::::*
cpe:2.3:a:bd:facschorus:3.1:::::::*
cpe:2.3:h:hp:hp_z2_tower_g5:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software

CPE	From	Up to
cpe:2.3:a:bd:facschorus:5.0:::::::*
cpe:2.3:a:bd:facschorus:5.1:::::::*
cpe:2.3:h:hp:hp_z2_tower_g9:-:::::::*
cpe:2.3:a:bd:facschorus:3.0:::::::*
cpe:2.3:a:bd:facschorus:3.1:::::::*
cpe:2.3:h:hp:hp_z2_tower_g5:-:::::::*