The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.
References
Link | Resource |
---|---|
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
05 Dec 2023, 14:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:* cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:* cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:* |
cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:* cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:* cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:* cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:* |
04 Dec 2023, 19:55
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
First Time |
Hp hp Z2 Tower G5
Hp hp Z2 Tower G9 Bd Hp Bd facschorus |
|
References | () https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software - Vendor Advisory | |
CPE | cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:* cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:* cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:* cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:* cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.8 |
28 Nov 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-28 21:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-29062
Mitre link : CVE-2023-29062
CVE.ORG link : CVE-2023-29062
JSON object : View
Products Affected
hp
- hp_z2_tower_g5
- hp_z2_tower_g9
bd
- facschorus
CWE
CWE-287
Improper Authentication