CVE-2023-29063 : Security Advisory and Response

Discover the impact of CVE-2023-29063, which affects FACSChorus workstations by enabling unauthorized memory capture through PCI slots and compromises the security of sensitive data. Learn about mitigation steps.

A security vulnerability has been identified in the FACSChorus workstation software provided by Becton, Dickinson and Company (BD) that could allow a threat actor to extract sensitive information by inserting a PCI card into the workstation. Here is a detailed overview of CVE-2023-29063.

Understanding CVE-2023-29063

The vulnerability identified as CVE-2023-29063 in the FACSChorus workstation software poses a risk of memory capture through physical access to the PCI Express (PCIe) slots, potentially exposing sensitive information.

What is CVE-2023-29063?

The FACSChorus workstation vulnerability allows threat actors to gain access to PCI slots and extract critical data like BitLocker encryption keys from the workstation's RAM during startup, presenting a security threat to confidential information.

The Impact of CVE-2023-29063

This vulnerability has a base score of 2.4, indicating a low severity level, and is categorized under CAPEC-121. It compromises confidentiality by enabling unauthorized memory capture through PCI cards, potentially leading to data breaches.

Technical Details of CVE-2023-29063

The vulnerability stems from the lack of protection mechanisms for alternate hardware interfaces, a common issue identified as CWE-1299. The attack vector is physical, no privileges are required, and the attack complexity is low.

Vulnerability Description

The FACSChorus workstation allows threat actors to bypass security measures by physically accessing PCIe slots, facilitating memory capture and accessing sensitive data like BitLocker encryption keys.

Affected Systems and Versions

The vulnerability affects FACSChorus versions 3.0 and 5.0 on systems running Windows 64-bit platforms.

Exploitation Mechanism

By inserting a PCI card designed for memory capture into the workstation's PCIe slots, threat actors can isolate and extract sensitive information from the workstation's RAM, compromising data security.

Mitigation and Prevention

To safeguard against the CVE-2023-29063 vulnerability, immediate steps should be taken to secure the FACSChorus workstations and prevent unauthorized memory capture.

Immediate Steps to Take

- Ensure strict physical access controls to limit unauthorized access to FACSChorus workstations.
- Implement industry-standard network security policies when connecting workstations to local networks.
- Enforce strict administrative access controls in accordance with IT security policies.

Long-Term Security Practices

Regularly update FACSChorus software to address vulnerabilities and strengthen system security.

Patching and Updates

Stay informed about upcoming software releases and security bulletins from Becton, Dickinson and Company (BD) to address CVE-2023-29063 and other associated vulnerabilities.
