CVE-2023-42133
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts.
An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PAX | POS terminals | 0 < 11.1.61_20240226 | affected |
Weaknesses
- CWE-276: CWE-276 Incorrect Default Permissions
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://ppn.paxengine.com/release/development?
- https://blog.stmcyber.com/pax-pos-cves-2023/
- https://cert.pl/en/posts/2024/10/CVE-2023-42133
- https://cert.pl/posts/2024/10/CVE-2023-42133
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.