First published: Tue Nov 28 2023(Updated: )
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
Credit: cybersecurity@bd.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Any of | ||
Bd Facschorus | =5.0 | |
Bd Facschorus | =5.1 | |
Hp Hp Z2 Tower G9 | ||
All of | ||
Any of | ||
Bd Facschorus | =3.0 | |
Bd Facschorus | =3.1 | |
Hp Hp Z2 Tower G5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-29061 refers to the lack of adequate BIOS authentication vulnerability.
The severity of CVE-2023-29061 is medium with a severity value of 5.2.
The FACSChorus version 5.0 and 5.1 software from BD as well as the HP Z2 Tower G9 and G5 devices are affected by CVE-2023-29061.
A threat actor with physical access to the FACSChorus workstation can potentially access the BIOS configuration, modify the drive boot order, and bypass the BIOS pre-boot authentication.
To mitigate the CVE-2023-29061 vulnerability, enable a BIOS password on the FACSChorus workstation to prevent unauthorized access to the BIOS configuration and modify the drive boot order.