Vulnerabilites related to hp - hp_z2_tower_g9
Vulnerability from fkie_nvd
Published
2023-11-28 21:15
Modified
2024-11-21 07:56
Severity ?
4.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | facschorus | 5.0 | |
| bd | facschorus | 5.1 | |
| hp | hp_z2_tower_g9 | - | |
| bd | facschorus | 3.0 | |
| bd | facschorus | 3.1 | |
| hp | hp_z2_tower_g5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database."
},
{
"lang": "es",
"value": "Se puede acceder directamente a la base de datos del software FACSChorus con los privilegios del usuario actualmente conectado. Un actor de amenazas con acceso f\u00edsico podr\u00eda obtener credenciales, que podr\u00edan usarse para alterar o destruir datos almacenados en la base de datos."
}
],
"id": "CVE-2023-29065",
"lastModified": "2024-11-21T07:56:29.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T21:15:07.990",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-277"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 20:15
Modified
2024-11-21 07:56
Severity ?
5.4 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
5.7 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
5.7 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@bd.com | https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | facschorus | 5.0 | |
| bd | facschorus | 5.1 | |
| hp | hp_z2_tower_g9 | - | |
| bd | facschorus | 3.0 | |
| bd | facschorus | 3.1 | |
| hp | hp_z2_tower_g5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data."
},
{
"lang": "es",
"value": "El sistema operativo de la estaci\u00f3n de trabajo FACSChorus no restringe qu\u00e9 dispositivos pueden interactuar con sus puertos USB. Si se explota, un actor de amenazas con acceso f\u00edsico a la estaci\u00f3n de trabajo podr\u00eda obtener acceso a la informaci\u00f3n del sistema y potencialmente filtrar datos."
}
],
"id": "CVE-2023-29060",
"lastModified": "2024-11-21T07:56:28.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 4.7,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T20:15:07.230",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1299"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-28 16:15
Modified
2025-01-30 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_dragonfly_g3_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "0D37E86F-560F-44EF-B129-F0FE16984583",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_dragonfly_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124AEDB5-3716-44E2-9F49-646E31834C02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:dragonfly_folio_g3_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB824B8-8D3B-494B-A976-816D3EF8B116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:dragonfly_folio_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12DFC193-4424-45D4-8B8D-16A139132A51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_dragonfly_g2_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5252E8-AA98-4E25-9310-215EB82A82E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_dragonfly_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28829816-379A-43CA-B2B0-2DDC32C9EFA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_dragonfly_max_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "516E892D-9A24-4B13-8702-123AD83C8469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_dragonfly_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "301EE3DA-31B5-44E3-B6B7-1E3A87B24F65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_x2_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFFA707-F240-4DB3-BECC-AAF5A35A2391",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_x2_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0795E7C5-4FDF-40BA-92D3-2713CAD5B098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_x360_1040_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5D24322D-5C60-40ED-87A3-CD4BFAA53014",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_x360_1040_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1888D3-AF3E-4C8B-AC38-F183F0D7E61B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_x360_830_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "E766537A-D1B4-4B36-9FE9-E4D2C2A0B235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_x360_830_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA311AF-952A-4249-8285-636B22601C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_1040_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8FE317-1830-49DB-8187-15420A555B8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_1040_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7823AE3-76BB-4638-949E-6D785A00C222",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_630_g9_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9E11BDBB-762F-47CB-BAB0-A335C93209B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_630_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "874AE70B-2176-4B08-9264-62241E65A06F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_640_g9_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "08E0E50F-87F9-4188-8048-7FB462DBDA6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_640_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA963C0F-AFFE-41B4-A0A0-7C8BEAFA1795",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_645_g9_firmware:01.08.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6D10C722-88ED-4DCE-8B78-748E8127C123",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_645_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E12FA94-3524-459A-8B84-FC90887EFF21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_650_g9_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDCFD4E-C209-4304-8881-ED0B69BDEC7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_650_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC0925D-AFC9-47FB-8DBA-392F156F6324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_655_g9_firmware:01.08.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A7AE821C-9250-4A02-A533-8F27E4BC6982",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_655_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D738D26-4235-407C-8C0A-724E3F226A81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_830_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF50A86-A295-43AA-9796-9810DE51D19B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_830_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CF95C1-FF31-4541-A082-B8E7BD2DF192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_830_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "66056E25-77A5-4A53-BB66-3F94021D59BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_830_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D306687B-3EF9-40B4-88E1-F9840FBF332C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_835_g9_firmware:01.02.01:*:*:*:*:*:*:*",
"matchCriteriaId": "375F12A9-36D4-4F24-8D0A-CFC8ABCB784F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_835_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2649C10-3185-4932-9CD8-D979038BC11D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_835_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1B89CDCE-5AD9-4426-9F37-B11841DA0B7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_835_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B516B02-6478-4E30-B175-1A5142263B1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_840_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "084C03A2-B91A-471E-9539-4B8F18CACC1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_840_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D1C0F6-09EB-472E-8971-E5DD1F01C612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_840_aero_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "8024C1A9-32FA-401F-A5E7-A6B379DE26BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_840_aero_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5446ABE-8540-4DF0-A3EA-BEE74199856C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_840_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "F22D08D5-F476-4B81-9443-5BEE599563A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_840_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A27335B7-81BA-4A1D-922B-CE34EBD31A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_845_g9_firmware:01.02.01:*:*:*:*:*:*:*",
"matchCriteriaId": "9826F1CC-61B0-4A53-B219-F2B3D055C6B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_845_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5EE158F-F6D4-4ED0-90B9-D8293AEEF7EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_845_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "509FCA2E-9098-4F7B-9D30-5D4D45FECB39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_845_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86677F1-6A09-4E95-B57D-734F854AA52A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_850_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "335666BA-D588-43FC-BEBB-BFF619E89E9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_850_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCEF5B4C-DB2B-4406-8EE1-7E5A63E89045",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_855_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4570A4BD-38E8-4459-845B-E7F7A7A596B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_855_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0C9422-3123-4DDF-83CF-3D10AB9C359D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_860_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D1EDDA67-22FF-4F9B-A1AF-F50B635C6F99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_860_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A017F01-C278-4937-86DE-283E9E8DAFA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_865_g9_firmware:01.02.01:*:*:*:*:*:*:*",
"matchCriteriaId": "FE5FBDD9-6AF9-4F19-947C-338925022A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_865_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5F1FB7-E91C-4220-A8D5-C6306FA958EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_x360_1030_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CDB13A-993B-4134-8EC9-957D102DB65D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_x360_1030_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C27ABA-63FC-4DCE-925A-1C8A3D5D73F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_x360_1040_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "161863F1-4F5B-4451-94D8-C29CAAB54C6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_x360_1040_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3FE302-C270-4C5E-B8AF-A140843E7E3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitebook_x360_830_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B9AEF8-2586-4DD1-B3DF-B0F7F4F2563D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitebook_x360_830_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87B40BA1-1F6C-4786-9F33-52EEF0ADE083",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:pro_x360_fortis_g10_firmware:01.03.00:*:*:*:*:*:*:*",
"matchCriteriaId": "72387993-0DDC-41E8-A7B3-45FBB330256F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:pro_x360_fortis_g10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70BE965C-A20D-4F4A-96B7-104D432E55D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:pro_x360_fortis_g9_firmware:01.03.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3E977AC3-07DC-4541-AC26-2BDAA5794F5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:pro_x360_fortis_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8709AD4-4B42-46CD-B2BE-B7CF17AFEC83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_430_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "EE59E5A9-61E1-48B4-AD18-CC2AE3EA4BC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_430_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "986AAA40-9DC9-4D20-A4DA-2D02636C1A62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_440_g9_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F89C76-13FD-4C0C-A6A8-4FDAA1EDE988",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_440_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B9B12E-09FC-4E40-B983-28C4A205096C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_440_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "993ACC43-9A8A-486E-9478-8B67FBAC5521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_440_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F93D1E8-C7A7-4B35-9389-AAC3DD0FA978",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_445_g9_firmware:01.08.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D46D9053-721A-4B4E-9C50-954F9A79CC5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_445_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3588FA34-F7E8-48FA-9178-4D59518F9D4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_445_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "F87E8796-8913-4F92-B74F-ACC6D83642CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_445_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD14C52-DD66-485B-AE52-1CBA39B06FB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_450_g9_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA3DD3B-E958-4363-B9C3-DEF652FBB780",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_450_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16F30536-3130-4E56-A159-54363618E89E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_450_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "B080BB04-167C-498D-A5B9-799F96B27743",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_450_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1982269-50DD-4939-8158-4B7357D7AEE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_455_g9_firmware:01.08.01:*:*:*:*:*:*:*",
"matchCriteriaId": "86381B71-DB86-4596-8146-6075E2C1F512",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_455_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68FE729-B3E9-4356-9B85-D22BF60C27AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_455_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "44F6BF01-ED16-4B7C-A79C-F77B49B2C6FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_455_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD88F9D7-6108-4108-9685-AB2FB2FF92CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_630_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "14BC6C99-9B21-4677-BBD7-9A6370E1D8B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_630_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80EF159A-302D-4F73-8A08-683805B051A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_635_aero_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "116229E7-EEF3-47E3-AD85-EA39BBCAC1B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_635_aero_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C52FB94F-8377-41EE-B377-498A560626DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_640_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3828FECE-B145-4C0A-853B-F107FE871B24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_640_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6351F53-2458-47FB-B547-C56691B7CF50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_650_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "6772CEEE-2996-44C5-9C96-AD14EC829ED5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_650_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED793F1B-C4A0-41B7-856B-20CF33308750",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_fortis_g10_firmware:01.03.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9EE2C2-B4C2-485E-BC96-A1464922F831",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_fortis_g10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281BD2C3-31EA-45F8-9F2B-6333EB420366",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_fortis_g9_firmware:01.03.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7BA69C-5520-487D-9E5C-353710D35F70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_fortis_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FE0325-E61F-472C-8129-9ADC1EA7B4D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_x360_11_g7_ee_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "38624BC9-026D-468B-9294-5B086A2FBDA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_x360_11_g7_ee:-:*:*:*:*:*:*:*",
"matchCriteriaId": "259B2C81-4B86-4DDD-B678-3E8F107432FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:probook_x360_435_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0CA4AF-1A56-4432-9815-29E81B1CF634",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:probook_x360_435_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66E7EF7-4642-4492-9481-9BF8BDA584C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_firefly_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "5B619E85-404C-482A-B5FE-E052D9855AE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_firefly_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E7702-C774-43B5-B7F7-0A0D27433622",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_firefly_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "9FEABF25-C2D4-45B8-9221-503E5AD355A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_firefly_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFD8AB2-83FA-42D9-A848-E6BE69394671",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_firefly_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "5B619E85-404C-482A-B5FE-E052D9855AE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_firefly_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E7702-C774-43B5-B7F7-0A0D27433622",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_firefly_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "9FEABF25-C2D4-45B8-9221-503E5AD355A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_firefly_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFD8AB2-83FA-42D9-A848-E6BE69394671",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_fury_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "37EDC561-A780-4F32-922E-13B9A4FEAE17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_fury_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42823BAF-7706-4EE5-B67F-756C4FA1285A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_fury_16_g9_firmware:01.03.02:*:*:*:*:*:*:*",
"matchCriteriaId": "18FAAE58-48CB-49B6-83C8-1C7CB5E7F669",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_fury_16_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA5CA03-5990-4EAF-BFE4-1EF0CAC3978C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_fury_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "37EDC561-A780-4F32-922E-13B9A4FEAE17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_fury_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42823BAF-7706-4EE5-B67F-756C4FA1285A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_power_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "65F3B5B4-A863-4D49-82CF-89F990E22D45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_power_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59EDA0AC-5F7E-49DB-A618-91CCEDA02FC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_power_g9_firmware:01.03.00:*:*:*:*:*:*:*",
"matchCriteriaId": "B3743E7B-78A9-431A-AF42-C44735A9740D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_power_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39C8614A-6729-44E3-9DA4-095F02B111B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_studio_g8_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "F00E36E3-FD0E-4D7A-BE91-1E72108687D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_studio_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1492ED88-CD51-49D7-B1E0-8811A0A75E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zbook_studio_g9_firmware:01.03.01:*:*:*:*:*:*:*",
"matchCriteriaId": "8D714D89-4AA7-4945-8497-E59F8C752643",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zbook_studio_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05F69127-005C-4072-80A8-39CC691B9A0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zhan_66_pro_g5_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "08C62652-E5A7-4515-A41C-E8EA0EC602A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zhan_66_pro_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF2167D-F5F7-4D8C-B77B-96BFD93E718F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zhan_66_pro_a_14_g4_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB9CFF3-3DAA-4881-B477-32F44BC9FA2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zhan_66_pro_a_14_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3866AB2F-8161-44CA-BF2E-07FE001328A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:zhan_66_pro_a_14_g5_firmware:01.08.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F6349AC8-C818-44CB-8DD0-F62299B9CF68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:zhan_66_pro_a_14_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64D5E785-48C0-477D-ACA5-BAB29E4C3991",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_mini_600_g9_firmware:02.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "CF60E54F-5959-4944-BDA5-B01AE42591BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_mini_600_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A786577-CFE2-45FE-8145-D96C8DE6A951",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_mini_800_g9_firmware:02.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9D64E312-826B-4062-80F1-6E608412DCE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_mini_800_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB3F65B-0793-4E3F-AA4A-0FC9FE142133",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_sff_600_g9_firmware:02.05.01:*:*:*:*:*:*:*",
"matchCriteriaId": "EB20EDFF-8CB4-407D-AF07-61577D38382A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_sff_600_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "810D39EE-98E2-4191-B1F2-E92D8E03D97F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_sff_800_g9_firmware:02.05.01:*:*:*:*:*:*:*",
"matchCriteriaId": "BA879CAA-6A91-4FD4-B29D-6B3C5EA51385",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_sff_800_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17E812CF-E354-40F0-B10E-1CCDBFAB8CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_tower_600_g9_firmware:02.05.01:*:*:*:*:*:*:*",
"matchCriteriaId": "39C82346-1A7D-4B41-8B68-CDECDAF5B4AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_tower_600_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC5F72-3BC9-4FA2-B7A6-36CD392C0F8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_tower_680_g9_firmware:02.05.01:*:*:*:*:*:*:*",
"matchCriteriaId": "4B21AB32-9548-415B-9288-3F6A14914F38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_tower_680_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F4B5FB-0C8F-4A10-A7D7-229E09B686E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_tower_800_g9_firmware:02.05.01:*:*:*:*:*:*:*",
"matchCriteriaId": "49461379-9D56-428B-8FE7-02743C50B791",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_tower_800_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDDBEA3-9E1A-45DC-9CD0-44B0E74CB735",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_tower_880_g9_firmware:02.05.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BB709B-31F5-40C3-A744-160B875ABEFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_tower_880_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40BD17E5-F0A4-4DAE-96FD-2E57CF96562C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitedesk_800_g8_firmware:02.09.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF769C7-B5DC-4A95-B1A3-7E618FE3D3AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitedesk_800_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1421F5-89CC-483B-B76D-740676C77917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitedesk_800_g8_firmware:02.09.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF769C7-B5DC-4A95-B1A3-7E618FE3D3AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitedesk_800_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1421F5-89CC-483B-B76D-740676C77917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitedesk_800_g8_firmware:02.09.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF769C7-B5DC-4A95-B1A3-7E618FE3D3AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitedesk_800_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1421F5-89CC-483B-B76D-740676C77917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitedesk_805_g8_firmware:02.05.02:*:*:*:*:*:*:*",
"matchCriteriaId": "AD034711-0BC1-456C-A554-50B6C3C6900C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitedesk_805_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E1B948-73F5-4105-B9E1-0C63DC4BE201",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitedesk_805_g8_firmware:02.05.02:*:*:*:*:*:*:*",
"matchCriteriaId": "AD034711-0BC1-456C-A554-50B6C3C6900C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitedesk_805_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E1B948-73F5-4105-B9E1-0C63DC4BE201",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elitedesk_880_g8_firmware:02.09.01:*:*:*:*:*:*:*",
"matchCriteriaId": "94C17712-CE54-4E52-A0CE-5D35A10D02D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elitedesk_880_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E78D54B-33D3-49A0-BB11-10FBA6877C46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:eliteone_800_g8_24_firmware:02.09.01:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB45F23-A587-42BE-B1B6-F6989F1B2F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:eliteone_800_g8_24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8FD621B-6BBE-4751-B13C-0783FC9F6136",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:eliteone_800_g8_27_firmware:02.09.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6F34F27E-DEE4-4BB9-A98A-637A149D1E1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:eliteone_800_g8_27:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A39864FE-E5FA-4A29-857D-D161E6B8EE2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:eliteone_840_g9_firmware:02.06.00:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0FFEBD-0EB4-4718-8FCF-A85BC6D91593",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:eliteone_840_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1EEE22-8E2A-465B-9B41-FE0809916784",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:eliteone_870_g9_firmware:02.06.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9C57A1E3-E10B-4E9D-93B3-61F6B6D22880",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:eliteone_870_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F811B97B-DD3B-43E7-9A56-AF42AD16A08F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:mini_conferencing_pc_firmware:02.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "6D827F7E-AC12-4967-95CB-E8D396CBADAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:mini_conferencing_pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B73ECB6E-DFFF-4FCC-AA64-F3A3CB9C92F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:pro_mini_400_g9_firmware:02.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3888DDF4-D7D3-4CE1-8B13-0D8CF3EA85A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:pro_mini_400_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F33FD50E-CF52-4423-9C62-512E228B659E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:pro_sff_400_g9_firmware:02.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C52AD354-5853-4348-911D-AA25ED5EA6E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:pro_sff_400_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D30639B5-8CDA-4923-89F4-BC14C59532E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:pro_tower_400_g9_firmware:02.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7D720EC9-D11A-4801-8F51-A9CECED4516D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:pro_tower_400_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C655883-292C-458B-A679-F063C06CCA67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:pro_tower_480_g9_firmware:02.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "60CEEE3D-7CD9-4B9A-90E1-019B2BA59874",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:pro_tower_480_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFEBA395-4A52-42F9-92EC-11D871E131AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:prodesk_405_g8_firmware:02.05.02:*:*:*:*:*:*:*",
"matchCriteriaId": "B22FFFD4-5A42-4FA5-A6B8-E79725BD2423",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:prodesk_405_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16D5044F-BBBA-4D9B-AACA-3F513CEF65E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:prodesk_405_g8_firmware:02.05.02:*:*:*:*:*:*:*",
"matchCriteriaId": "B22FFFD4-5A42-4FA5-A6B8-E79725BD2423",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:prodesk_405_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16D5044F-BBBA-4D9B-AACA-3F513CEF65E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:proone_440_g9_firmware:02.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B3EE94-51DC-4C1A-BA6C-2BFBB03EC24B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:proone_440_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F51B69-FC10-4D39-8EB3-D45A44CBB6A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:z1_g8_tower_firmware:02.09.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF7420-E482-404A-B1EE-0CB174661AA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:z1_g8_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "875FD00D-4C03-4C29-90FB-5FF32B54BEA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:z1_g9_tower_firmware:02.05.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB95021-DD40-4E63-9C58-730B371DC3A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:z1_g9_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D8247A-B608-46F1-9485-F23E425F75AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:engage_go_10_firmware:01.10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0590F5FF-CF3F-4003-917B-4C523B0BB9EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:engage_go_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9939FEC0-618D-4FB1-9391-08BFE9F7A699",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp_z2_mini_g9_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD8CD53-D9A2-43D1-AD2B-E209116F909F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_mini_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28E3E375-C41B-427F-BEB8-FA2DCE80D691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp_z2_small_form_factor_g8_firmware:01.05.02:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D811D-0507-456E-8DED-BE55FE164C3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_small_form_factor_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B89AE6F1-7AB0-4BFF-A08F-954CB7677F19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp_z2_small_form_factor_g9_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "AF93DFB2-26D2-4176-B27C-DD33CB1EFC49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_small_form_factor_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C954ECA-2AF5-4409-92B9-9401E50208BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp_z2_tower_g8_firmware:01.05.02:*:*:*:*:*:*:*",
"matchCriteriaId": "736C82FC-B965-4EAF-A7B1-889958D64E45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790ADD71-5A74-4B0F-8A94-23D70816DE86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp_z2_tower_g9_firmware:01.04.00:*:*:*:*:*:*:*",
"matchCriteriaId": "22553BC4-A941-4369-85B8-7D01227C86ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:pro_mt440_g3_firmware:01.05.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4964FFD0-1955-45C1-BB74-BD148505508C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:pro_mt440_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD2DA81-481B-4A5A-835F-EE3A37FEE9EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:elite_mt645_g7_firmware:01.10.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5544BD-BA8B-4851-9276-E3FBDE8523FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_mt645_g7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "091A48AF-0E86-4A44-9B73-83BB001F63E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability."
}
],
"id": "CVE-2022-31643",
"lastModified": "2025-01-30T17:15:10.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-28T16:15:09.640",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/ish_7013183-7013209-16/hpsbhf03812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/ish_7013183-7013209-16/hpsbhf03812"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 21:15
Modified
2024-11-21 07:56
Severity ?
4.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | facschorus | 5.0 | |
| bd | facschorus | 5.1 | |
| hp | hp_z2_tower_g9 | - | |
| bd | facschorus | 3.0 | |
| bd | facschorus | 3.1 | |
| hp | hp_z2_tower_g5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts."
},
{
"lang": "es",
"value": "El software FACSChorus contiene informaci\u00f3n confidencial almacenada en texto plano. Un actor de amenazas podr\u00eda obtener secretos codificados utilizados por la aplicaci\u00f3n, que incluyen tokens y contrase\u00f1as para cuentas administrativas."
}
],
"id": "CVE-2023-29064",
"lastModified": "2024-11-21T07:56:29.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T21:15:07.800",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 21:15
Modified
2024-11-21 07:56
Severity ?
5.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
5.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
5.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | facschorus | 5.0 | |
| bd | facschorus | 5.1 | |
| hp | hp_z2_tower_g9 | - | |
| bd | facschorus | 3.0 | |
| bd | facschorus | 3.1 | |
| hp | hp_z2_tower_g5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication."
},
{
"lang": "es",
"value": "No existe una contrase\u00f1a de BIOS en la estaci\u00f3n de trabajo FACSChorus. Un actor de amenazas con acceso f\u00edsico a la estaci\u00f3n de trabajo puede explotar esta vulnerabilidad para acceder a la configuraci\u00f3n del BIOS y modificar el orden de inicio de la unidad y la autenticaci\u00f3n previa al inicio del BIOS."
}
],
"id": "CVE-2023-29061",
"lastModified": "2024-11-21T07:56:28.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T21:15:07.257",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 21:15
Modified
2024-11-21 07:56
Severity ?
3.8 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
3.8 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
3.8 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Summary
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | facschorus | 5.0 | |
| bd | facschorus | 5.1 | |
| hp | hp_z2_tower_g9 | - | |
| bd | facschorus | 3.0 | |
| bd | facschorus | 3.1 | |
| hp | hp_z2_tower_g5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems."
},
{
"lang": "es",
"value": "El sistema operativo que aloja la aplicaci\u00f3n FACSChorus est\u00e1 configurado para permitir la transmisi\u00f3n de credenciales de usuario con hash tras la acci\u00f3n del usuario sin validar adecuadamente la identidad del recurso solicitado. Esto es posible mediante el uso de LLMNR, MBT-NS o MDNS y dar\u00e1 como resultado el env\u00edo de hashes NTLMv2 a una posici\u00f3n de entidad maliciosa en la red local. Posteriormente, estos hashes pueden atacarse mediante fuerza bruta y descifrarse si se utiliza una contrase\u00f1a d\u00e9bil. Este ataque s\u00f3lo se aplicar\u00eda a sistemas unidos a un dominio."
}
],
"id": "CVE-2023-29062",
"lastModified": "2024-11-21T07:56:29.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T21:15:07.440",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 21:15
Modified
2024-11-21 07:56
Severity ?
2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | facschorus | 5.0 | |
| bd | facschorus | 5.1 | |
| hp | hp_z2_tower_g9 | - | |
| bd | facschorus | 3.0 | |
| bd | facschorus | 3.1 | |
| hp | hp_z2_tower_g5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup."
},
{
"lang": "es",
"value": "La estaci\u00f3n de trabajo FACSChorus no impide el acceso f\u00edsico a sus ranuras PCI express (PCIe), lo que podr\u00eda permitir que un actor de amenazas inserte una tarjeta PCI dise\u00f1ada para la captura de memoria. Luego, un actor de amenazas puede aislar informaci\u00f3n confidencial, como una clave de cifrado BitLocker, de un volcado de la RAM de la estaci\u00f3n de trabajo durante el inicio."
}
],
"id": "CVE-2023-29063",
"lastModified": "2024-11-21T07:56:29.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T21:15:07.613",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1299"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 21:15
Modified
2024-11-21 07:56
Severity ?
3.2 (Low) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
3.5 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
3.5 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | facschorus | 5.0 | |
| bd | facschorus | 5.1 | |
| hp | hp_z2_tower_g9 | - | |
| bd | facschorus | 3.0 | |
| bd | facschorus | 3.1 | |
| hp | hp_z2_tower_g5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders."
},
{
"lang": "es",
"value": "El software FACSChorus no asigna correctamente privilegios de acceso a datos para las cuentas de usuario del sistema operativo. Una cuenta de sistema operativo no administrativa puede modificar la informaci\u00f3n almacenada en las carpetas de datos de la aplicaci\u00f3n local."
}
],
"id": "CVE-2023-29066",
"lastModified": "2024-11-21T07:56:29.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 2.5,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T21:15:08.173",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2023-29062
Vulnerability from cvelistv5
Published
2023-11-28 20:34
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company (BD) | FACSChorus |
Version: 5.0 < Version: 3.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "FACSChorus",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems."
}
],
"value": "The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems."
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194 Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T20:34:22.945Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unsecure Identity Verification",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003c/ul\u003e\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\u003cbr\u003e\u003cul\u003e\u003cli\u003eEnsure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\u003c/li\u003e\u003cli\u003eIf the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\u003c/li\u003e\u003cli\u003eAdministrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\n * Ensure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\n * If the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\n * Administrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-29062",
"datePublished": "2023-11-28T20:34:22.945Z",
"dateReserved": "2023-03-30T21:10:17.526Z",
"dateUpdated": "2024-08-02T14:00:15.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29065
Vulnerability from cvelistv5
Published
2023-11-28 20:35
Modified
2024-12-02 19:28
Severity ?
EPSS score ?
Summary
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company (BD) | FACSChorus |
Version: 5.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-09T05:05:46.444290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T19:28:37.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "FACSChorus",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database."
}
],
"value": "The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "CWE-277 Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T20:35:59.061Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Overly Permissive Access Policy",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\u003cbr\u003e\u003cul\u003e\u003cli\u003eEnsure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\u003c/li\u003e\u003cli\u003eIf the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\u003c/li\u003e\u003cli\u003eAdministrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\n * Ensure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\n * If the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\n * Administrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-29065",
"datePublished": "2023-11-28T20:35:59.061Z",
"dateReserved": "2023-03-30T21:10:17.527Z",
"dateUpdated": "2024-12-02T19:28:37.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31643
Vulnerability from cvelistv5
Published
2023-04-28 15:41
Modified
2025-01-30 17:05
Severity ?
EPSS score ?
Summary
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Version: See HP Security Bulletin reference for affected versions. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_7013183-7013209-16/hpsbhf03812"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T17:05:15.359949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T17:05:19.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability."
}
],
"providerMetadata": {
"dateUpdated": "2023-04-28T15:41:22.641Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7013183-7013209-16/hpsbhf03812"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-31643",
"datePublished": "2023-04-28T15:41:22.641Z",
"dateReserved": "2022-05-25T21:05:10.868Z",
"dateUpdated": "2025-01-30T17:05:19.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29063
Vulnerability from cvelistv5
Published
2023-11-28 20:34
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company (BD) | FACSChorus |
Version: 5.0 < Version: 3.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "FACSChorus",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup."
}
],
"value": "The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup."
}
],
"impacts": [
{
"capecId": "CAPEC-121",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-121 Exploit Non-Production Interfaces"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T20:34:59.290Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lack of DMA Access Protections",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\u003cbr\u003e\u003cul\u003e\u003cli\u003eEnsure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\u003c/li\u003e\u003cli\u003eIf the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\u003c/li\u003e\u003cli\u003eAdministrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\n * Ensure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\n * If the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\n * Administrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-29063",
"datePublished": "2023-11-28T20:34:59.290Z",
"dateReserved": "2023-03-30T21:10:17.526Z",
"dateUpdated": "2024-08-02T14:00:14.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29061
Vulnerability from cvelistv5
Published
2023-11-28 20:33
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company (BD) | FACSChorus |
Version: 5.0 < Version: 3.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "FACSChorus",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication."
}
],
"value": "There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T20:33:44.065Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lack of Adequate BIOS Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003c/ul\u003e\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\u003cbr\u003e\u003cul\u003e\u003cli\u003eEnsure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\u003c/li\u003e\u003cli\u003eIf the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\u003c/li\u003e\u003cli\u003eAdministrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\n * Ensure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\n * If the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\n * Administrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-29061",
"datePublished": "2023-11-28T20:33:44.065Z",
"dateReserved": "2023-03-30T21:10:17.526Z",
"dateUpdated": "2024-08-02T14:00:14.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29066
Vulnerability from cvelistv5
Published
2023-11-28 20:36
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company (BD) | FACSChorus |
Version: 5.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "FACSChorus",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders."
}
],
"value": "The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders."
}
],
"impacts": [
{
"capecId": "CAPEC-639",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-639 Probe System Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T20:36:13.494Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect User Management",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\u003cbr\u003e\u003cul\u003e\u003cli\u003eEnsure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\u003c/li\u003e\u003cli\u003eIf the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\u003c/li\u003e\u003cli\u003eAdministrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\n * Ensure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\n * If the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\n * Administrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-29066",
"datePublished": "2023-11-28T20:36:13.494Z",
"dateReserved": "2023-03-30T21:10:17.527Z",
"dateUpdated": "2024-08-02T14:00:15.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29064
Vulnerability from cvelistv5
Published
2023-11-28 20:35
Modified
2024-10-11 17:57
Severity ?
EPSS score ?
Summary
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company (BD) | FACSChorus |
Version: 5.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:34.260250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:57:54.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "FACSChorus",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts."
}
],
"value": "The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T20:35:30.214Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoded Secrets",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\u003cbr\u003e\u003cul\u003e\u003cli\u003eEnsure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\u003c/li\u003e\u003cli\u003eIf the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\u003c/li\u003e\u003cli\u003eAdministrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\n * Ensure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\n * If the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\n * Administrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-29064",
"datePublished": "2023-11-28T20:35:30.214Z",
"dateReserved": "2023-03-30T21:10:17.526Z",
"dateUpdated": "2024-10-11T17:57:54.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29060
Vulnerability from cvelistv5
Published
2023-11-28 20:07
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company (BD) | FACSChorus |
Version: 5.0 < Version: 3.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "FACSChorus",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data."
}
],
"value": "The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data."
}
],
"impacts": [
{
"capecId": "CAPEC-457",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-457 USB Memory Attacks"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T20:31:55.731Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lack of USB Whitelisting",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\u003cbr\u003e\u003cul\u003e\u003cli\u003eEnsure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\u003c/li\u003e\u003cli\u003eIf the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\u003c/li\u003e\u003cli\u003eAdministrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Vulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\n * Ensure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\n * If the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\n * Administrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-29060",
"datePublished": "2023-11-28T20:07:00.245Z",
"dateReserved": "2023-03-30T21:10:17.526Z",
"dateUpdated": "2024-08-02T14:00:14.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}