CVE-2023-42133

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts.

An attacker must have shell access with system account privileges in order to exploit this vulnerability.
A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CERT-PLCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Common Weakness Enumeration
References
https://blog.stmcyber.com/pax-pos-cves-2023/
https://cert.pl/en/posts/2024/10/CVE-2023-42133
https://cert.pl/posts/2024/10/CVE-2023-42133
https://ppn.paxengine.com/release/development?