CVE-2023-42133

EUVD-2023-46592
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts.

An attacker must have shell access with system account privileges in order to exploit this vulnerability.
A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
paxtechnologypaydroid
𝑥
< 11.1.61_20240226
ADP
Common Weakness Enumeration
References
https://blog.stmcyber.com/pax-pos-cves-2023/
https://cert.pl/en/posts/2024/10/CVE-2023-42133
https://cert.pl/posts/2024/10/CVE-2023-42133
https://ppn.paxengine.com/release/development?