← Zuruck zu CVEs
CVE-2023-42133
MEDIUM6.7
Beschreibung
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.
CVE Details
CVSS v3.1 Bewertung6.7
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht10/11/2024
Zuletzt geandert10/15/2024
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-276
Referenzen
https://blog.stmcyber.com/pax-pos-cves-2023/(cvd@cert.pl)
https://cert.pl/en/posts/2024/10/CVE-2023-42133(cvd@cert.pl)
https://cert.pl/posts/2024/10/CVE-2023-42133(cvd@cert.pl)
https://ppn.paxengine.com/release/development?(cvd@cert.pl)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.