CVE-2023-42133

Sažetak

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.

Reference

https://blog.stmcyber.com/pax-pos-cves-2023/
https://cert.pl/en/posts/2024/10/CVE-2023-42133
https://cert.pl/posts/2024/10/CVE-2023-42133
https://ppn.paxengine.com/release/development?

CVSS

Base:	6.7
Impact:	5.9
Exploitability:	0.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

15-10-2024 - 12:58

Objavljeno

11-10-2024 - 13:15