CVE-2023-42133

medium

Description

PAX Android-based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.

References

https://ppn.paxengine.com/release/development?

https://cert.pl/posts/2024/10/CVE-2023-42133

https://cert.pl/en/posts/2024/10/CVE-2023-42133

https://blog.stmcyber.com/pax-pos-cves-2023/

Details

Source: Mitre, NVD

Published: 2024-10-11

Updated: 2024-10-15

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium