PAX POS Devices Vulnerable to Escalation of Privilege Due to Improperly Configured Scripts
CVE-2023-42133

6.7MEDIUM

Key Information:

Vendor: Pax
Status: Pos Terminals
Vendor: CVE Published:; 11 October 2024

What is CVE-2023-42133?

Within PAX Android based POS devices, a significant vulnerability exists that allows for privilege escalation due to the presence of improperly configured scripts. To exploit this vulnerability, an attacker must attain shell access with system account privileges. This flaw poses a considerable risk to device integrity and user security. A remedy has been provided in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226, which addresses the underlying issues. Regular updates and vigilance are recommended to safeguard against potential exploitation.

Affected Version(s)

POS terminals Android 0 < 11.1.61_20240226

References

https://ppn.paxengine.com/release/development?

vendor-advisory

https://blog.stmcyber.com/pax-pos-cves-2023/

technical-description

https://cert.pl/en/posts/2024/10/CVE-2023-42133

third-party-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Sep 7, 2023

Pax

What is CVE-2023-42133?

Affected Version(s)

References

CVSS V3.1

Timeline