PAX POS Devices Vulnerable to Escalation of Privilege Due to Improperly Configured Scripts

CVE-2023-42133

6.7MEDIUM

Key Information

Vendor: Pax
Status: Pos Terminals
Vendor: CVE Published:; 11 October 2024

Summary

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.

Affected Version(s)

POS terminals < 11.1.61_20240226

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 11, 2024
Vulnerability Reserved.
Sep 7, 2023

Collectors

NVD DatabaseMitre Database