CVE-2023-42134

Exploit

EPSS 0.09%
Veröffentlicht 15.01.2024 14:15:24
Zuletzt bearbeitet 21.11.2024 08:22:20
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command.





The attacker must have physical USB access to the device in order to exploit this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paxtechnology ≫ Paydroid Version <= 8.1.0_sagittarius_v11.1.45_20230314

Paxtechnology ≫ A920 Pro Version-

Paxtechnology ≫ Paydroid Version <= 8.1.0_sagittarius_v11.1.45_20230314

Paxtechnology ≫ A50 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.252

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvd@cert.pl	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://blog.stmcyber.com/pax-pos-cves-2023/

Third Party Advisory

Exploit

https://cert.pl/en/posts/2024/01/CVE-2023-4818/

Third Party Advisory

https://cert.pl/posts/2024/01/CVE-2023-4818/

Third Party Advisory

https://ppn.paxengine.com/release/development

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-42134

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-42134

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-42134

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-42134