{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T12:06:36.615","vulnerabilities":[{"cve":{"id":"CVE-2023-29062","sourceIdentifier":"cybersecurity@bd.com","published":"2023-11-28T21:15:07.440","lastModified":"2024-11-21T07:56:29.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems."},{"lang":"es","value":"El sistema operativo que aloja la aplicación FACSChorus está configurado para permitir la transmisión de credenciales de usuario con hash tras la acción del usuario sin validar adecuadamente la identidad del recurso solicitado. Esto es posible mediante el uso de LLMNR, MBT-NS o MDNS y dará como resultado el envío de hashes NTLMv2 a una posición de entidad maliciosa en la red local. Posteriormente, estos hashes pueden atacarse mediante fuerza bruta y descifrarse si se utiliza una contraseña débil. Este ataque sólo se aplicaría a sistemas unidos a un dominio."}],"metrics":{"cvssMetricV31":[{"source":"cybersecurity@bd.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}]},"weaknesses":[{"source":"cybersecurity@bd.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4D5E0D4F-559B-414E-A627-0BA0937BD7F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*","matchCriteriaId":"57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*","matchCriteriaId":"54279DE4-A2A4-4AA6-A05F-931094446F16"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*","matchCriteriaId":"2785D17E-800C-4772-A131-5737E9446C01"},{"vulnerable":true,"criteria":"cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*","matchCriteriaId":"30FD1DE4-982F-4D14-BB8A-478F8430BC63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*","matchCriteriaId":"7E9BA28D-9C14-435A-9786-222BE58A9258"}]}]}],"references":[{"url":"https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software","source":"cybersecurity@bd.com","tags":["Vendor Advisory"]},{"url":"https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}