Bootloader Downgrade Vulnerability in PAX A920 Device
CVE-2023-4818

7.6HIGH

Key Information:

Vendor

Pax Technology

Status
A920
Vendor
CVE Published:
15 January 2024

What is CVE-2023-4818?

A security issue has been identified in the PAX A920 device, which allows an attacker with physical USB access to exploit a flaw in the bootloader version check. Despite the correct handling of digital signatures, this vulnerability enables the potential downgrade of the bootloader, leading to possible unauthorized firmware installation. The risk emphasizes the critical need for physical security measures around the device to mitigate exploitation potential.

Affected Version(s)

A920 0

References

https://ppn.paxengine.com/release/development
vendor-advisory
https://blog.stmcyber.com/pax-pos-cves-2023/
technical-description
https://cert.pl/en/posts/2024/01/CVE-2023-4818/
third-party-advisory

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hubert Jasudowicz, Adam KliĹ› and other members of STM Cyber R&D team
.